/**
  * Authenticates a user. The function decrypts the password, runs evaluations
  * on it and passes to the parent authentication service.
  *
  * @param	array	$userRecord	User record
  * @return	int		Code that shows if user is really authenticated.
  * @see	t3lib_userAuth::checkAuthentication()
  */
 public function authUser(array $userRecord)
 {
     $result = 100;
     if ($this->pObj->security_level == 'rsa') {
         $storage = tx_rsaauth_storagefactory::getStorage();
         /* @var $storage tx_rsaauth_abstract_storage */
         // Set failure status by default
         $result = -1;
         // Preprocess the password
         $password = $this->login['uident'];
         $key = $storage->get();
         if ($key != null && substr($password, 0, 4) == 'rsa:') {
             // Decode password and pass to parent
             $decryptedPassword = $this->backend->decrypt($key, substr($password, 4));
             if ($decryptedPassword != null) {
                 // Run the password through the eval function
                 $decryptedPassword = $this->runPasswordEvaluations($decryptedPassword);
                 if ($decryptedPassword != null) {
                     $this->login['uident'] = $decryptedPassword;
                     if (parent::authUser($userRecord)) {
                         $result = 200;
                     }
                 }
             }
             // Reset the password to its original value
             $this->login['uident'] = $password;
             // Remove the key
             $storage->put(null);
         }
     }
     return $result;
 }
 /**
  * Hooks to the felogin extension to provide additional code for FE login
  *
  * @return	array	0 => onSubmit function, 1 => extra fields and required files
  */
 public function loginFormHook()
 {
     $result = array(0 => '', 1 => '');
     if ($GLOBALS['TYPO3_CONF_VARS']['FE']['loginSecurityLevel'] == 'rsa') {
         $backend = tx_rsaauth_backendfactory::getBackend();
         if ($backend) {
             $result[0] = 'tx_rsaauth_feencrypt(this);';
             $javascriptPath = t3lib_extMgm::siteRelPath('rsaauth') . 'resources/';
             $files = array('jsbn/jsbn.js', 'jsbn/prng4.js', 'jsbn/rng.js', 'jsbn/rsa.js', 'jsbn/base64.js', 'rsaauth_min.js');
             foreach ($files as $file) {
                 $result[1] .= '<script type="text/javascript" src="' . t3lib_div::getIndpEnv('TYPO3_SITE_URL') . $javascriptPath . $file . '"></script>';
             }
             // Generate a new key pair
             $keyPair = $backend->createNewKeyPair();
             // Save private key
             $storage = tx_rsaauth_storagefactory::getStorage();
             /* @var $storage tx_rsaauth_abstract_storage */
             $storage->put($keyPair->getPrivateKey());
             // Add RSA hidden fields
             $result[1] .= '<input type="hidden" id="rsa_n" name="n" value="' . htmlspecialchars($keyPair->getPublicKeyModulus()) . '" />';
             $result[1] .= '<input type="hidden" id="rsa_e" name="e" value="' . sprintf('%x', $keyPair->getExponent()) . '" />';
         }
     }
     return $result;
 }
 /**
  * Adds RSA-specific JavaScript and returns a form tag
  *
  * @return	string	Form tag
  */
 public function getLoginFormTag(array $params, SC_index &$pObj)
 {
     $form = null;
     if ($pObj->loginSecurityLevel == 'rsa') {
         // If we can get the backend, we can proceed
         $backend = tx_rsaauth_backendfactory::getBackend();
         if (!is_null($backend)) {
             // Add form tag
             $form = '<form action="index.php" method="post" name="loginform" onsubmit="tx_rsaauth_encrypt();">';
             // Generate a new key pair
             $keyPair = $backend->createNewKeyPair();
             // Save private key
             $storage = tx_rsaauth_storagefactory::getStorage();
             /* @var $storage tx_rsaauth_abstract_storage */
             $storage->put($keyPair->getPrivateKey());
             // Add RSA hidden fields
             $form .= '<input type="hidden" id="rsa_n" name="n" value="' . htmlspecialchars($keyPair->getPublicKeyModulus()) . '" />';
             $form .= '<input type="hidden" id="rsa_e" name="e" value="' . sprintf('%x', $keyPair->getExponent()) . '" />';
         }
     }
     return $form;
 }
 /**
  * Sets the preffered storage to the factory. This method can be called from
  * another extension or ext_localconf.php
  *
  * @param	string	$preferredStorage	Preffered storage
  * @return	void
  */
 public static function setPreferredStorage($preferredStorage)
 {
     self::$preferredStorage = $preferredStorage;
 }
 /**
  * Method adds a further authUser method.
  *
  * Will return one of following authentication status codes:
  *  - 0 - authentication failure
  *  - 100 - just go on. User is not authenticated but there is still no reason to stop
  *  - 200 - the service was able to authenticate the user
  *
  * @param	array		Array containing FE user data of the logged user.
  * @return	integer		authentication statuscode, one of 0,100 and 200
  */
 public function authUser(array $user)
 {
     $OK = 100;
     $validPasswd = FALSE;
     if ($this->pObj->security_level == 'rsa' && t3lib_extMgm::isLoaded('rsaauth')) {
         require_once t3lib_extMgm::extPath('rsaauth') . 'sv1/backends/class.tx_rsaauth_backendfactory.php';
         require_once t3lib_extMgm::extPath('rsaauth') . 'sv1/storage/class.tx_rsaauth_storagefactory.php';
         $backend = tx_rsaauth_backendfactory::getBackend();
         $storage = tx_rsaauth_storagefactory::getStorage();
         // Preprocess the password
         $password = $this->login['uident'];
         $key = $storage->get();
         if ($key != NULL && substr($password, 0, 4) == 'rsa:') {
             // Decode password and pass to parent
             $decryptedPassword = $backend->decrypt($key, substr($password, 4));
             $this->login['uident_text'] = $decryptedPassword;
         }
     }
     if ($this->login['uident'] && $this->login['uname']) {
         if (!empty($this->login['uident_text'])) {
             $validPasswd = $this->compareUident($user, $this->login);
         }
         if (!$validPasswd && (intval($this->extConf['onlyAuthService']) || $this->authenticationFailed)) {
             // Failed login attempt (wrong password) - no delegation to further services
             $this->writeLog(TYPO3_MODE . ' Authentication failed - wrong password for username \'%s\'', $this->login['uname']);
             $OK = 0;
         } else {
             if (!$validPasswd) {
                 // Failed login attempt (wrong password)
                 $this->writeLog("Login-attempt from %s, username '%s', password not accepted!", $this->authInfo['REMOTE_ADDR'], $this->login['uname']);
             } else {
                 if ($validPasswd && $user['lockToDomain'] && strcasecmp($user['lockToDomain'], $this->authInfo['HTTP_HOST'])) {
                     // Lock domain didn't match, so error:
                     $this->writeLog("Login-attempt from %s, username '%s', locked domain '%s' did not match '%s'!", $this->authInfo['REMOTE_ADDR'], $this->login['uname'], $user['lockToDomain'], $this->authInfo['HTTP_HOST']);
                     $OK = 0;
                 } else {
                     if ($validPasswd) {
                         $this->writeLog(TYPO3_MODE . ' Authentication successful for username \'%s\'', $this->login['uname']);
                         $OK = 200;
                     }
                 }
             }
         }
     }
     return $OK;
 }
 /**
  * Decrypts fields that were encrypted for transmission
  *
  * @param array $row: incoming data array that may contain encrypted fields
  * @return boolean TRUE if decryption was successful
  */
 public function decryptIncomingFields(array &$row)
 {
     $success = TRUE;
     $fields = array('password', 'password_again');
     $incomingFieldSet = FALSE;
     foreach ($fields as $field) {
         if (isset($row[$field])) {
             $incomingFieldSet = TRUE;
             break;
         }
     }
     if ($incomingFieldSet) {
         switch ($this->getTransmissionSecurityLevel()) {
             case 'rsa':
                 // Get services from rsaauth
                 // Can't simply use the authentication service because we have two fields to decrypt
                 $backend = tx_rsaauth_backendfactory::getBackend();
                 $storage = tx_rsaauth_storagefactory::getStorage();
                 /* @var $storage tx_rsaauth_abstract_storage */
                 if (is_object($backend) && is_object($storage)) {
                     $key = $storage->get();
                     if ($key != NULL) {
                         foreach ($fields as $field) {
                             if (isset($row[$field]) && $row[$field] != '') {
                                 if (substr($row[$field], 0, 4) == 'rsa:') {
                                     // Decode password
                                     $result = $backend->decrypt($key, substr($row[$field], 4));
                                     if ($result) {
                                         $row[$field] = $result;
                                     } else {
                                         // RSA auth service failed to process incoming password
                                         // May happen if the key is wrong
                                         // May happen if multiple instance of rsaauth on same page
                                         $success = FALSE;
                                         $message = $GLOBALS['TSFE']->sL('LLL:EXT:' . $this->extKey . '/pi1/locallang.xml:internal_rsaauth_process_incoming_password_failed');
                                         t3lib_div::sysLog($message, $this->extKey, t3lib_div::SYSLOG_SEVERITY_ERROR);
                                     }
                                 }
                             }
                         }
                         // Remove the key
                         $storage->put(NULL);
                     } else {
                         // RSA auth service failed to retrieve private key
                         // May happen if the key was already removed
                         $success = FALSE;
                         $message = $GLOBALS['TSFE']->sL('LLL:EXT:' . $this->extKey . '/pi1/locallang.xml:internal_rsaauth_retrieve_private_key_failed');
                         t3lib_div::sysLog($message, $this->extKey, t3lib_div::SYSLOG_SEVERITY_ERROR);
                     }
                 } else {
                     // Required RSA auth backend not available
                     // Should not happen: checked in tx_srfeuserregister_pi1_base::checkRequirements
                     $success = FALSE;
                     $message = $GLOBALS['TSFE']->sL('LLL:EXT:' . $this->extKey . '/pi1/locallang.xml:internal_rsaauth_backend_not_available');
                     t3lib_div::sysLog($message, $this->extKey, t3lib_div::SYSLOG_SEVERITY_ERROR);
                 }
                 break;
             case 'normal':
             default:
                 // Nothing to decrypt
                 break;
         }
     }
     return $success;
 }
 protected function checkRequirements()
 {
     $content = '';
     // Check if all required extensions are available
     if (is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF'][$this->extKey]['constraints']['depends'])) {
         $requiredExtensions = array_diff(array_keys($GLOBALS['TYPO3_CONF_VARS']['EXTCONF'][$this->extKey]['constraints']['depends']), array('php', 'typo3'));
         foreach ($requiredExtensions as $requiredExtension) {
             if (!t3lib_extMgm::isLoaded($requiredExtension)) {
                 $message = sprintf($GLOBALS['TSFE']->sL('LLL:EXT:' . $this->extKey . '/pi1/locallang.xml:internal_required_extension_missing'), $requiredExtension);
                 t3lib_div::sysLog($message, $this->extKey, t3lib_div::SYSLOG_SEVERITY_ERROR);
                 $content .= sprintf($GLOBALS['TSFE']->sL('LLL:EXT:' . $this->extKey . '/pi1/locallang.xml:internal_check_requirements_frontend'), $message);
             }
         }
     }
     // Check if front end login security level is correctly set
     $supportedTransmissionSecurityLevels = $GLOBALS['TYPO3_CONF_VARS']['EXTCONF'][$this->extKey]['loginSecurityLevels'];
     if (!in_array($GLOBALS['TYPO3_CONF_VARS']['FE']['loginSecurityLevel'], $supportedTransmissionSecurityLevels)) {
         $message = $GLOBALS['TSFE']->sL('LLL:EXT:' . $this->extKey . '/pi1/locallang.xml:internal_login_security_level');
         t3lib_div::sysLog($message, $this->extKey, t3lib_div::SYSLOG_SEVERITY_ERROR);
         $content .= sprintf($GLOBALS['TSFE']->sL('LLL:EXT:' . $this->extKey . '/pi1/locallang.xml:internal_check_requirements_frontend'), $message);
     } else {
         // Check if salted passwords are enabled in front end
         if (t3lib_extMgm::isLoaded('saltedpasswords')) {
             if (!tx_saltedpasswords_div::isUsageEnabled('FE')) {
                 $message = $GLOBALS['TSFE']->sL('LLL:EXT:' . $this->extKey . '/pi1/locallang.xml:internal_salted_passwords_disabled');
                 t3lib_div::sysLog($message, $this->extKey, t3lib_div::SYSLOG_SEVERITY_ERROR);
                 $content .= sprintf($GLOBALS['TSFE']->sL('LLL:EXT:' . $this->extKey . '/pi1/locallang.xml:internal_check_requirements_frontend'), $message);
             } else {
                 // Check if we can get a salting instance
                 $objSalt = tx_saltedpasswords_salts_factory::getSaltingInstance(NULL);
                 if (!is_object($objSalt)) {
                     // Could not get a salting instance from saltedpasswords
                     $message = $GLOBALS['TSFE']->sL('LLL:EXT:' . $this->extKey . '/pi1/locallang.xml:internal_salted_passwords_no_instance');
                     t3lib_div::sysLog($message, $this->extKey, t3lib_div::SYSLOG_SEVERITY_ERROR);
                     $content .= sprintf($GLOBALS['TSFE']->sL('LLL:EXT:' . $this->extKey . '/pi1/locallang.xml:internal_check_requirements_frontend'), $message);
                 }
             }
         }
         // Check if we can get a backend from rsaauth
         if (t3lib_extMgm::isLoaded('rsaauth')) {
             // rsaauth in TYPO3 4.5 misses autoload
             if (!class_exists('tx_rsaauth_backendfactory')) {
                 require_once t3lib_extMgm::extPath('rsaauth') . 'sv1/backends/class.tx_rsaauth_backendfactory.php';
                 require_once t3lib_extMgm::extPath('rsaauth') . 'sv1/storage/class.tx_rsaauth_storagefactory.php';
             }
             $backend = tx_rsaauth_backendfactory::getBackend();
             $storage = tx_rsaauth_storagefactory::getStorage();
             if (!is_object($backend) || !$backend->isAvailable() || !is_object($storage)) {
                 // Required RSA auth backend not available
                 $message = $GLOBALS['TSFE']->sL('LLL:EXT:' . $this->extKey . '/pi1/locallang.xml:internal_rsaauth_backend_not_available');
                 t3lib_div::sysLog($message, $this->extKey, t3lib_div::SYSLOG_SEVERITY_ERROR);
                 $content .= sprintf($GLOBALS['TSFE']->sL('LLL:EXT:' . $this->extKey . '/pi1/locallang.xml:internal_check_requirements_frontend'), $message);
             }
         }
     }
     return $content;
 }