/**
  * Run the controller and parse the template
  */
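 public function run()
 {
     // Builds the 'be_preview' back end template from request parameters and,
     // for administrators, optionally opens a front end session for the member
     // named in the "user" query parameter before sending the output.

     /** @var \BackendTemplate|object $objTemplate */
     $objTemplate = new \BackendTemplate('be_preview');
     $objTemplate->base = \Environment::get('base');
     $objTemplate->language = $GLOBALS['TL_LANGUAGE'];
     $objTemplate->title = specialchars($GLOBALS['TL_LANG']['MSC']['fePreview']);
     $objTemplate->charset = \Config::get('characterSet');
     // NOTE(review): the second argument presumably returns the value with
     // entities decoded; confirm the template escapes "site" when printing it.
     $objTemplate->site = \Input::get('site', true);

     // The preview target is always prefixed with the site's own base URL, so a
     // request-supplied "url" is appended to it rather than used on its own.
     if (\Input::get('url')) {
         $objTemplate->url = \Environment::get('base') . \Input::get('url');
     } elseif (\Input::get('page')) {
         // NOTE(review): the third argument presumably makes the helper return
         // the URL instead of redirecting; verify against its definition.
         $objTemplate->url = $this->redirectToFrontendPage(\Input::get('page'), \Input::get('article'), true);
     } else {
         $objTemplate->url = \Environment::get('base');
     }

     // Switch to a particular member (see #6546)
     // This changes authentication state on a GET request and the only check
     // visible here is isAdmin. NOTE(review): confirm a request token is
     // validated before this point, otherwise a link opened by a logged-in
     // administrator silently replaces their front end session.
     if (\Input::get('user') && $this->User->isAdmin) {
         $objUser = \MemberModel::findByUsername(\Input::get('user'));
         if ($objUser !== null) {
             // One timestamp for the cleanup cutoff, the session row and the
             // cookie expiry, so the three cannot drift apart.
             $time = time();

             // Session identifier derived from the PHP session ID, the client
             // IP (unless disableIpCheck is set) and the cookie name.
             $strHash = sha1(session_id() . (!\Config::get('disableIpCheck') ? \Environment::get('ip') : '') . 'FE_USER_AUTH');

             // Remove expired sessions and any row already using this hash
             $this->Database->prepare("DELETE FROM tl_session WHERE tstamp<? OR hash=?")->execute($time - \Config::get('sessionTimeout'), $strHash);

             // Insert the new session for the selected member
             $this->Database->prepare("INSERT INTO tl_session (pid, tstamp, name, sessionID, ip, hash) VALUES (?, ?, ?, ?, ?, ?)")->execute($objUser->id, $time, 'FE_USER_AUTH', session_id(), \Environment::get('ip'), $strHash);

             // Set the cookie
             // NOTE(review): the trailing arguments look like path, domain,
             // secure=false, httpOnly=true. With secure=false the cookie is
             // also sent over plain HTTP; confirm that is intended.
             $this->setCookie('FE_USER_AUTH', $strHash, $time + \Config::get('sessionTimeout'), null, null, false, true);

             // The switch is driven by the query string, so read the name from
             // GET. The previous Input::post('user') is never set on this path.
             $objTemplate->user = \Input::get('user');
         }
     }

     // Debug mode is switched off before the template is sent
     \Config::set('debugMode', false);
     $objTemplate->output();
 }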
Example #2
 /**
  * {@inheritdoc}
  */
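 public function authenticate(\PageModel $rootPage)
 {
     // Authenticates a member from an HTTP Basic "Authorization" header.
     // Returns the member model on success and null when the header is missing
     // or malformed, the member is unknown or the password does not match.
     //
     // NOTE(review): $rootPage is not used. Nothing here checks whether the
     // account is active or allowed to log in, and failed attempts are not
     // throttled; confirm the caller covers both. Unknown usernames return
     // before crypt() runs, so response time differs from a wrong password.
     $header = (string) \Environment::get('httpAuthorization');

     // Pad to two parts so a header without credentials yields an empty string
     // instead of an undefined list() element.
     list($mechanism, $encoded) = array_pad(preg_split('#\\s+#', $header, 2), 2, '');

     if (strtolower($mechanism) !== 'basic' || $encoded === '') {
         return null;
     }

     // Strict mode returns false for input outside the base64 alphabet.
     $decoded = base64_decode($encoded, true);

     // Credentials must have the form "username:password".
     if ($decoded === false || strpos($decoded, ':') === false) {
         return null;
     }

     list($username, $password) = explode(':', $decoded, 2);

     if ($username === '') {
         return null;
     }

     $member = \MemberModel::findByUsername($username);

     // An unknown username used to be dereferenced as null further down.
     if ($member === null) {
         return null;
     }

     $stored = (string) $member->password;

     // An account without a stored hash can never authenticate.
     if ($stored === '') {
         return null;
     }

     // The password has been generated with crypt()
     $computed = (string) crypt($password, $stored);

     // Compare in constant time where the runtime offers hash_equals(). The
     // fallback is a strict comparison, which avoids the type juggling that
     // "==" applies to numeric-looking strings.
     $matches = function_exists('hash_equals')
         ? hash_equals($stored, $computed)
         : $computed === $stored;

     return $matches ? $member : null;
 }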
Example #3
 /**
  * Display a login form
  *
  * @return string
  */
 public function generate()
 {
     // Handles three cases in order: a back end placeholder, a submitted login
     // form and a submitted logout form. Anything else falls through to the
     // parent implementation. Statement order matters: reload() and redirect()
     // presumably end the request (TODO confirm), since nothing guards the code
     // that follows them.
     if (TL_MODE == 'BE') {
         // In the back end only a wildcard placeholder is rendered
         /** @var \BackendTemplate|object $objTemplate */
         $objTemplate = new \BackendTemplate('be_wildcard');
         $objTemplate->wildcard = '### ' . utf8_strtoupper($GLOBALS['TL_LANG']['FMD']['login'][0]) . ' ###';
         $objTemplate->title = $this->headline;
         $objTemplate->id = $this->id;
         $objTemplate->link = $this->name;
         $objTemplate->href = '' . $GLOBALS['TL_CONFIG']['backendPath'] . '/main.php?do=themes&amp;table=tl_module&amp;act=edit&amp;id=' . $this->id;
         return $objTemplate->parse();
     }
     // Set the last page visited
     // NOTE(review): this value is used below as a redirect target after login
     // and logout; confirm getReferer() can only return same-site URLs.
     if (!$_POST && $this->redirectBack) {
         $_SESSION['LAST_PAGE_VISITED'] = $this->getReferer();
     }
     // Login
     if (\Input::post('FORM_SUBMIT') == 'tl_login') {
         // Check whether username and password are set
         // Raw $_POST is read for presence only; empty() also rejects "0".
         if (empty($_POST['username']) || empty($_POST['password'])) {
             $_SESSION['LOGIN_ERROR'] = $GLOBALS['TL_LANG']['MSC']['emptyField'];
             $this->reload();
         }
         $this->import('FrontendUser', 'User');
         // Default target: the current request
         $strRedirect = \Environment::get('request');
         // Redirect to the last page visited
         if ($this->redirectBack && $_SESSION['LAST_PAGE_VISITED'] != '') {
             $strRedirect = $_SESSION['LAST_PAGE_VISITED'];
         } else {
             // Redirect to the jumpTo page
             if ($this->jumpTo && ($objTarget = $this->objModel->getRelated('jumpTo')) !== null) {
                 $strRedirect = $this->generateFrontendUrl($objTarget->row());
             }
             // Overwrite the jumpTo page with an individual group setting
             // The member is looked up by the submitted username before the
             // credentials are verified. The result only selects a redirect
             // target, which is applied below solely when login() succeeds.
             $objMember = \MemberModel::findByUsername(\Input::post('username'));
             if ($objMember !== null) {
                 // NOTE(review): deserialize() presumably unserializes the stored
                 // group list; the value comes from the member record, not from
                 // the request. Confirm nothing request-controlled reaches it.
                 $arrGroups = deserialize($objMember->groups);
                 if (!empty($arrGroups) && is_array($arrGroups)) {
                     $objGroupPage = \MemberGroupModel::findFirstActiveWithJumpToByIds($arrGroups);
                     if ($objGroupPage !== null) {
                         $strRedirect = $this->generateFrontendUrl($objGroupPage->row());
                     }
                 }
             }
         }
         // Auto login is not allowed
         // The field is dropped from both $_POST and the Input class, so a
         // client cannot enable it by adding the field to the request.
         if (isset($_POST['autologin']) && !$this->autologin) {
             unset($_POST['autologin']);
             \Input::setPost('autologin', null);
         }
         // Login and redirect
         // login() receives no arguments, so it presumably reads the credentials
         // from the request itself (TODO confirm).
         if ($this->User->login()) {
             $this->redirect($strRedirect);
         }
         // Failed login: reload the page
         $this->reload();
     }
     // Logout and redirect to the website root if the current page is protected
     if (\Input::post('FORM_SUBMIT') == 'tl_logout') {
         /** @var \PageModel $objPage */
         global $objPage;
         $this->import('FrontendUser', 'User');
         $strRedirect = \Environment::get('request');
         // Redirect to last page visited
         if ($this->redirectBack && strlen($_SESSION['LAST_PAGE_VISITED'])) {
             $strRedirect = $_SESSION['LAST_PAGE_VISITED'];
         } elseif ($objPage->protected) {
             // Do not stay on a protected page after logging out
             $strRedirect = \Environment::get('base');
         }
         // Logout and redirect
         if ($this->User->logout()) {
             $this->redirect($strRedirect);
         }
         $this->reload();
     }
     return parent::generate();
 }
 /**
  * Run the controller and parse the template
  */
 public function run()
 {
     // Renders the 'be_switch' template and processes its form. Any user who
     // reaches this code can toggle the FE_PREVIEW cookie; only administrators
     // can open or close a front end member session.
     // NOTE(review): no request token check is visible in this method; confirm
     // POST requests are validated before it runs.
     if (\Environment::get('isAjaxRequest')) {
         // NOTE(review): presumably sends the datalist response and ends the
         // request; if it returns, the code below runs for Ajax requests too.
         $this->getDatalistOptions();
     }
     $strUser = '';
     // Session identifier derived from the PHP session ID, the client IP
     // (unless disableIpCheck is set) and the cookie name.
     $strHash = sha1(session_id() . (!\Config::get('disableIpCheck') ? \Environment::get('ip') : '') . 'FE_USER_AUTH');
     // Get the front end user
     if (FE_USER_LOGGED_IN) {
         // Resolve the username of the member whose session row has this hash
         $objUser = $this->Database->prepare("SELECT username FROM tl_member WHERE id=(SELECT pid FROM tl_session WHERE hash=?)")->limit(1)->execute($strHash);
         if ($objUser->numRows) {
             $strUser = $objUser->username;
         }
     }
     /** @var \BackendTemplate|object $objTemplate */
     $objTemplate = new \BackendTemplate('be_switch');
     $objTemplate->user = $strUser;
     $objTemplate->show = \Input::cookie('FE_PREVIEW');
     $objTemplate->update = false;
     // Switch
     if (\Input::post('FORM_SUBMIT') == 'tl_switch') {
         $time = time();
         // Hide unpublished elements
         if (\Input::post('unpublished') == 'hide') {
             // An expiry in the past asks the browser to delete the cookie
             $this->setCookie('FE_PREVIEW', 0, $time - 86400);
             $objTemplate->show = 0;
         } else {
             $this->setCookie('FE_PREVIEW', 1, $time + \Config::get('sessionTimeout'));
             $objTemplate->show = 1;
         }
         // Allow admins to switch user accounts
         if ($this->User->isAdmin) {
             // Remove old sessions
             // Also removes any row with the current hash, so an existing
             // member session ends even when the lookup below finds no member.
             $this->Database->prepare("DELETE FROM tl_session WHERE tstamp<? OR hash=?")->execute($time - \Config::get('sessionTimeout'), $strHash);
             // Log in the front end user
             if (\Input::post('user')) {
                 $objUser = \MemberModel::findByUsername(\Input::post('user'));
                 if ($objUser !== null) {
                     // Insert the new session
                     $this->Database->prepare("INSERT INTO tl_session (pid, tstamp, name, sessionID, ip, hash) VALUES (?, ?, ?, ?, ?, ?)")->execute($objUser->id, $time, 'FE_USER_AUTH', session_id(), \Environment::get('ip'), $strHash);
                     // Set the cookie
                     // NOTE(review): the trailing arguments look like path,
                     // domain, secure=false, httpOnly=true. With secure=false
                     // the cookie is also sent over plain HTTP; confirm.
                     $this->setCookie('FE_USER_AUTH', $strHash, $time + \Config::get('sessionTimeout'), null, null, false, true);
                     // The submitted name is handed to the template; confirm
                     // the template escapes it on output.
                     $objTemplate->user = \Input::post('user');
                 }
             } else {
                 // Remove cookie
                 $this->setCookie('FE_USER_AUTH', $strHash, $time - 86400, null, null, false, true);
                 $objTemplate->user = '';
             }
         }
         $objTemplate->update = true;
     }
     // Default variables
     $objTemplate->theme = \Backend::getTheme();
     $objTemplate->base = \Environment::get('base');
     $objTemplate->language = $GLOBALS['TL_LANGUAGE'];
     $objTemplate->apply = $GLOBALS['TL_LANG']['MSC']['apply'];
     $objTemplate->reload = $GLOBALS['TL_LANG']['MSC']['reload'];
     $objTemplate->feUser = $GLOBALS['TL_LANG']['MSC']['feUser'];
     $objTemplate->username = $GLOBALS['TL_LANG']['MSC']['username'];
     $objTemplate->charset = \Config::get('characterSet');
     $objTemplate->lblHide = $GLOBALS['TL_LANG']['MSC']['hiddenHide'];
     $objTemplate->lblShow = $GLOBALS['TL_LANG']['MSC']['hiddenShow'];
     $objTemplate->fePreview = $GLOBALS['TL_LANG']['MSC']['fePreview'];
     $objTemplate->hiddenElements = $GLOBALS['TL_LANG']['MSC']['hiddenElements'];
     $objTemplate->closeSrc = TL_FILES_URL . 'system/themes/' . \Backend::getTheme() . '/images/close.gif';
     // The form posts back to the current request, passed through ampersand()
     $objTemplate->action = ampersand(\Environment::get('request'));
     $objTemplate->isAdmin = $this->User->isAdmin;
     // Debug mode is switched off before the template is sent
     \Config::set('debugMode', false);
     $objTemplate->output();
 }