/**
 * Runs one conversion pass of the scheduler task.
 *
 * For every mode in $this->userRecordPointer (frontend and backend) that has
 * salted passwords enabled, the next batch of user records is looked up, the
 * record pointer for that mode is advanced by the batch size and the batch is
 * handed to convertPasswords(). When a pass finds no records in any mode and
 * the task is allowed to, it deactivates itself.
 *
 * @return boolean Always TRUE (the previous docblock said void, but the method returns TRUE)
 */
public function execute() {
	$nothingLeftToConvert = TRUE;

	foreach ($this->userRecordPointer as $mode => $pointer) {
		// Modes for which salted passwords are switched off are left untouched
		if (!tx_saltedpasswords_div::isUsageEnabled($mode)) {
			continue;
		}

		$batch = $this->findUsersToUpdate($mode);
		$batchSize = count($batch);
		if ($batchSize < 1) {
			continue;
		}

		// Work was found, so the task must stay active for another run
		$nothingLeftToConvert = FALSE;
		$this->incrementUserRecordPointer($mode, $batchSize);
		$this->convertPasswords($mode, $batch);
	}

	// Self-deactivation only happens after a pass that converted nothing
	if ($this->canDeactivateSelf && $nothingLeftToConvert) {
		$this->deactivateSelf();
	}

	// save() of the parent class tx_scheduler_Task persists the changed task
	// variables: $this->userRecordPointer and $this->disabled
	$this->save();

	return TRUE;
}
/**
 * Determines how passwords are stored and records it in
 * $this->storageSecurityLevel.
 *
 * The level is 'salted' only when the saltedpasswords extension is loaded
 * and enabled for the frontend ('FE'); in every other case it is 'normal'.
 *
 * @return void
 */
protected function setStorageSecurityLevel() {
	$saltedFrontEnd = t3lib_extMgm::isLoaded('saltedpasswords')
		&& tx_saltedpasswords_div::isUsageEnabled('FE');

	$this->storageSecurityLevel = $saltedFrontEnd ? 'salted' : 'normal';
}
/**
 * Replaces the password with its salted hash before the data is written.
 * Extends tx_srfeuserregister_data->parseOutgoingData.
 *
 * When saltedpasswords is not loaded or not enabled, the array produced by
 * the parent implementation is returned as is, i.e. the password field is
 * not hashed by this method.
 *
 * @param array $dataArray: array with user data to be modified
 * @param array $origArray
 *
 * @return array parsed array
 */
function parseOutgoingData(&$dataArray, $origArray) {
	$parsedArray = parent::parseOutgoingData($dataArray, $origArray);

	$saltingActive = t3lib_extMgm::isLoaded('saltedpasswords')
		&& tx_saltedpasswords_div::isUsageEnabled();
	if (!$saltingActive) {
		return $parsedArray;
	}

	// Hash with the configured default method
	$hasher = t3lib_div::makeInstance(tx_saltedpasswords_div::getDefaultSaltingHashingMethod());
	$hash = $hasher->getHashedPassword($parsedArray['password']);

	// Both fields carry the hash, so neither holds the clear-text value afterwards
	$parsedArray['password_again'] = $hash;
	$parsedArray['password'] = $hash;

	return $parsedArray;
}
/**
 * Hashes a new password before it is stored in the database.
 *
 * saltedpasswords takes precedence; t3sec_saltedpw is only consulted when
 * saltedpasswords is not loaded. If the responsible extension is not enabled
 * (or neither extension is loaded) the input is returned unchanged, so the
 * caller then receives the value exactly as it was passed in.
 *
 * @param string $string The password to hash
 * @return string The salted hash, or the unchanged input when no salting is active
 */
public static function salt($string) {
	if (t3lib_extMgm::isLoaded('saltedpasswords')) {
		if (!tx_saltedpasswords_div::isUsageEnabled('FE')) {
			return $string;
		}
		$saltingInstance = tx_saltedpasswords_salts_factory::getSaltingInstance();
		return $saltingInstance->getHashedPassword($string);
	}

	if (!t3lib_extMgm::isLoaded('t3sec_saltedpw')) {
		return $string;
	}

	// Fallback extension: its classes are loaded manually
	$legacyExtPath = t3lib_extMgm::extPath('t3sec_saltedpw');
	require_once $legacyExtPath . 'res/staticlib/class.tx_t3secsaltedpw_div.php';
	if (!tx_t3secsaltedpw_div::isUsageEnabled()) {
		return $string;
	}

	require_once t3lib_extMgm::extPath('t3sec_saltedpw') . 'res/lib/class.tx_t3secsaltedpw_phpass.php';
	$objPHPass = t3lib_div::makeInstance('tx_t3secsaltedpw_phpass');

	return $objPHPass->getHashedPassword($string);
}
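/**
 * Uses the Portable PHP Hashing Framework to turn a submitted password field
 * value into a salted hash where needed.
 *
 * Three kinds of input are distinguished when salted passwords are enabled:
 *  - a bare MD5 hex digest: it is hashed again and stored with an 'M' prefix,
 *  - a value that already starts with a salted-hash prefix: left untouched,
 *  - anything else: treated as a clear-text password and hashed.
 * When salted passwords are disabled the value is returned unchanged and
 * $set is not modified.
 *
 * @param mixed $value: The value that has to be checked.
 * @param string $is_in: Is-In String (not used by this method)
 * @param boolean $set: Determines if the field can be set (value correct) or not, e.g. if input is required but the value is empty, then $set should be set to FALSE. (PASSED BY REFERENCE!)
 * @return string The new value of the field
 */
function evaluateFieldValue($value, $is_in, &$set) {
	$isEnabled = $this->mode
		? tx_saltedpasswords_div::isUsageEnabled($this->mode)
		: tx_saltedpasswords_div::isUsageEnabled();
	if (!$isEnabled) {
		return $value;
	}

	$set = FALSE;

	// The MD5 test is anchored: the whole value has to be exactly 32 lowercase
	// hex characters. The former unanchored pattern matched any value that
	// merely contained such a run, so a long clear-text password or an
	// existing salted hash could be stored as an 'M'-prefixed MD5 wrapper
	// that would never verify at login.
	$isMD5 = preg_match('/\A[0-9a-f]{32}\z/', $value) === 1;
	$isSaltedHash = t3lib_div::inList('$1$,$2$,$2a,$P$', substr($value, 0, 3));

	$this->objInstanceSaltedPW = tx_saltedpasswords_salts_factory::getSaltingInstance(NULL, $this->mode);

	if ($isMD5) {
		// 'M' marks "salted hash of an MD5 digest"
		$set = TRUE;
		$value = 'M' . $this->objInstanceSaltedPW->getHashedPassword($value);
	} elseif (!$isSaltedHash) {
		$set = TRUE;
		$value = $this->objInstanceSaltedPW->getHashedPassword($value);
	}

	return $value;
}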
/**
 * Obtains a salting hashing method instance.
 *
 * The returned object is expected to implement
 * tx_saltedpasswords_abstract_salts. The instance is cached in
 * self::$instance and re-created when
 *  - no instance exists yet,
 *  - a salted hash is given, so the method is determined from that hash,
 *  - NULL is given, which resets the factory to the default method.
 *
 * Callers must check the result with is_object(): when a hash is given and
 * no method can be determined for it, the cached instance is cleared and
 * NULL is returned.
 *
 * @param string $saltedHash: (optional) salted hashed password to determine the type of used method from or NULL to reset the factory
 * @param string $mode: (optional) The TYPO3 mode (FE or BE) saltedpasswords shall be used for
 * @return tx_saltedpasswords_abstract_salts an instance of salting hashing method object
 */
public static function getSaltingInstance($saltedHash = '', $mode = TYPO3_MODE) {
	$hashGiven = !empty($saltedHash);
	$resetRequested = $saltedHash === NULL;

	// Re-use the cached instance unless one of the re-creation triggers applies
	if (is_object(self::$instance) && !$hashGiven && !$resetRequested) {
		return self::$instance;
	}

	if ($hashGiven) {
		// presumably determineSaltingHashingMethod() stores the matching
		// instance itself on success - verify against its implementation
		if (!self::determineSaltingHashingMethod($saltedHash)) {
			self::$instance = NULL;
		}
		return self::$instance;
	}

	// Default method for the given mode, resolved through the registered salt methods
	$classNameToUse = tx_saltedpasswords_div::getDefaultSaltingHashingMethod($mode);
	$availableClasses = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods'];
	self::$instance = t3lib_div::getUserObj($availableClasses[$classNameToUse], 'tx_');

	return self::$instance;
}
/**
 * returnExtConf() must overlay the stored settings of a mode on top of the
 * defaults.
 *
 * @test
 */
public function doesReturnExtConfReturnMergedSettingsIfExtensionConfigurationIsFound() {
	$modeSettings = array('setting' => 1);

	// Extension configuration is kept as a serialized array, keyed by "<MODE>."
	$GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords'] = serialize(array('TEST_MODE.' => $modeSettings));

	$expected = array_merge(tx_saltedpasswords_div::returnExtConfDefaults(), $modeSettings);
	$actual = tx_saltedpasswords_div::returnExtConf('TEST_MODE');

	$this->assertEquals($expected, $actual);
}
/**
 * Builds the status-report entry that tells whether salted passwords are
 * enabled in the front end.
 *
 * The entry is an ERROR when the saltedpasswords extension is not loaded or
 * not enabled for 'FE', and OK with an empty message otherwise.
 *
 * @return tx_reports_reports_status_Status
 */
protected function checkIfSaltedPasswordsAreEnabledInFrontEnd() {
	// All labels of this report live in the same language file
	$labelPrefix = 'LLL:EXT:' . SR_FEUSER_REGISTER_EXT . '/hooks/statusreport/locallang.xlf:';
	$title = $GLOBALS['LANG']->sL($labelPrefix . 'Salted_passwords_in_front_end');

	$saltedEnabled = t3lib_extMgm::isLoaded('saltedpasswords')
		&& tx_saltedpasswords_div::isUsageEnabled('FE');

	if ($saltedEnabled) {
		$value = $GLOBALS['LANG']->sL($labelPrefix . 'enabled');
		$message = '';
		$status = tx_reports_reports_status_Status::OK;
	} else {
		$value = $GLOBALS['LANG']->sL($labelPrefix . 'disabled');
		$message = $GLOBALS['LANG']->sL($labelPrefix . 'salted_passwords_must_be_enabled');
		$status = tx_reports_reports_status_Status::ERROR;
	}

	return t3lib_div::makeInstance('tx_reports_reports_status_Status', $title, $value, $message, $status);
}
/**
 * Generates the module content.
 *
 * For function 1 this is a one-time project bootstrap. Without a submitted
 * form it renders the configuration form (or a notice when page 1 is already
 * flagged as configured). With a submitted form it validates four required
 * fields and then, in this order: renames the template directory, rewrites
 * TypoScript and localconf files, writes settings.php, imports the SQL dump,
 * updates several records, creates backend users, assigns generated
 * passwords, switches localconf.php and prints a success message.
 *
 * NOTE(review): every $_POST value below is used as submitted. Apart from the
 * presence checks and checkEmail(), no validation or escaping is visible in
 * this method, and no request-token check is visible either - confirm what
 * the caller enforces before relying on this code. The individual sinks are
 * marked inline.
 *
 * @return void
 */
protected function moduleContent() {
	switch ((string) $this->MOD_SETTINGS['function']) {
		case 1:
			// Get default project name
			$path = PATH_site . 'fileadmin/templates/';
			$dirs = scandir($path);
			// Filter directories
			// NOTE(review): scandir() also returns plain files and there is no
			// is_dir() check; the last entry that is not excluded wins, and
			// $projectDir stays undefined when nothing matches.
			foreach ($dirs as $dir) {
				if ($dir != '.' && $dir != '..' && $dir != 'default' && $dir != 'ts') {
					$projectDir = $dir;
				}
			}
			// Form submitted
			if ($_POST['submit_config']) {
				// No basedomain given
				if (!$_POST['project_basedomainde']) {
					$errorMessageContent = '<h3>' . $GLOBALS['LANG']->getLL('noBasedomain') . '</h3>';
					$errorMessageContent .= '<p>' . $GLOBALS['LANG']->getLL('noBasedomainText') . '</p>';
					$content = '<div class="alert alert-error">' . $errorMessageContent . '</div>';
					$this->content .= $this->doc->section($GLOBALS['LANG']->getLL('title'), $content, 0, 1);
				} else {
					// No e-mail address given
					if (!$_POST['project_email']) {
						$errorMessageContent = '<h3>' . $GLOBALS['LANG']->getLL('noEmail') . '</h3>';
						$errorMessageContent .= '<p>' . $GLOBALS['LANG']->getLL('noEmailText') . '</p>';
						$content = '<div class="alert alert-error">' . $errorMessageContent . '</div>';
						$this->content .= $this->doc->section($GLOBALS['LANG']->getLL('title'), $content, 0, 1);
					} else {
						// E-mail address rejected by checkEmail()
						if (!$this->checkEmail($_POST['project_email'])) {
							$errorMessageContent = '<h3>' . $GLOBALS['LANG']->getLL('noValidEmail') . '</h3>';
							$errorMessageContent .= '<p>' . $GLOBALS['LANG']->getLL('noValidEmailText') . '</p>';
							$content = '<div class="alert alert-error">' . $errorMessageContent . '</div>';
							$this->content .= $this->doc->section($GLOBALS['LANG']->getLL('title'), $content, 0, 1);
						} else {
							// No HTTP host given
							if (!$_POST['project_httphost']) {
								$errorMessageContent = '<h3>' . $GLOBALS['LANG']->getLL('noHttpHost') . '</h3>';
								$errorMessageContent .= '<p>' . $GLOBALS['LANG']->getLL('noHttpHostText') . '</p>';
								$content = '<div class="alert alert-error">' . $errorMessageContent . '</div>';
								$this->content .= $this->doc->section($GLOBALS['LANG']->getLL('title'), $content, 0, 1);
							} else {
								// Get project name
								$projectName = trim(strtolower($_POST['project_name']));
								// Check if uppercase
								if (ctype_upper($_POST['project_name'])) {
									$projectNameUpper = $_POST['project_name'];
									$projectDirUpper = strtoupper($projectDir);
								} else {
									$projectNameUpper = $projectName;
									$projectDirUpper = $projectDir;
								}
								// Rename dir
								// NOTE(review): the target path is built from the submitted
								// project name without restricting it to a single path
								// segment; the name should be validated against an
								// allow-list pattern before it reaches rename().
								rename($path . $projectDir, $path . $projectName);
								/* Change files BEGIN */
								// Files to change
								$files = array(
									PATH_site . 'fileadmin/templates/ts/setup/JavaScriptIncludes_setup.ts',
									PATH_site . 'fileadmin/templates/ts/TSConfig/Page.ts',
									PATH_site . 'typo3conf/new_localconf.php'
								);
								// Parse files
								// NOTE(review): one of these files is PHP source, so the
								// submitted project name ends up inside executable code.
								foreach ($files as $f) {
									// Open file
									$data = file_get_contents($f);
									// Change data
									$data = str_replace($projectDir, $projectName, $data);
									// Write file
									file_put_contents($f, $data);
								}
								/* Change files END */
								/* Change files with uppercase BEGIN */
								// Files to change (lib_setup.ts is listed twice)
								$files2 = array(
									PATH_site . 'fileadmin/templates/ts/setup/lib_setup.ts',
									PATH_site . 'fileadmin/templates/ts/constants/StandardConfig_constants.ts',
									PATH_site . 'fileadmin/templates/ts/setup/lib_setup.ts'
								);
								// Parse files
								foreach ($files2 as $f2) {
									// Open file
									$data2 = file_get_contents($f2);
									// Change data
									$data2 = str_replace(ucfirst($projectDir), ucfirst($projectNameUpper), $data2);
									// Write file
									file_put_contents($f2, $data2);
								}
								/* Change files with uppercase END */
								/* Copyright notice BEGIN */
								$copyrightNotice = $_POST['project_copyright'];
								if (!$copyrightNotice) {
									$copyrightNotice = $GLOBALS['LANG']->getLL('copyrightDefault');
								}
								$files3 = array(PATH_site . 'fileadmin/templates/ts/setup/StandardConfig_setup.ts');
								// NOTE(review): the notice is written into TypoScript as
								// submitted; line breaks in it would start new TypoScript lines.
								foreach ($files3 as $f3) {
									// Open file
									$data3 = file_get_contents($f3);
									// Change data
									$data3 = str_replace("headerComment =", "headerComment = " . $copyrightNotice, $data3);
									// Write file
									file_put_contents($f3, $data3);
								}
								/* Copyright notice END */
								/* Basedomain BEGIN */
								$files4 = array(PATH_site . 'fileadmin/templates/ts/constants/StandardConfig_constants.ts');
								foreach ($files4 as $f4) {
									// Only surrounding slashes are trimmed; the values are
									// otherwise written into the TypoScript conditions as submitted
									$basedomainDE = trim($_POST['project_basedomainde'], '/') . '/';
									$basedomainEN = trim($_POST['project_basedomainen'], '/') . '/';
									$httpHost = trim($_POST['project_httphost'], '/');
									$basedomainDEPreview = trim($_POST['preview_basedomainde'], '/') . '/';
									$basedomainENPreview = trim($_POST['preview_basedomainen'], '/') . '/';
									$httpHostPreview = trim($_POST['preview_httphost'], '/');
									$basedomainDELive = trim($_POST['live_basedomainde'], '/') . '/';
									$basedomainENLive = trim($_POST['live_basedomainen'], '/') . '/';
									$httpHostLive = trim($_POST['live_httphost'], '/');
									// Open file
									$data4 = file_get_contents($f4);
									// Add data: one condition block per host (project, preview, live)
									$data4 = "" . $data4 . "\r\n\r\n# # medbootstraptools [BEGIN]\r\n\r\n[globalVar = IENV:HTTP_HOST = " . $httpHost . "]\r\n\r\nt3bootstrap {\r\n\tbasedomain.de = " . $basedomainDE . "\r\n\tbasedomain.en = " . $basedomainEN . "\r\n}\r\n\r\n[globalVar = IENV:HTTP_HOST = " . $httpHostPreview . "]\r\n\r\nt3bootstrap {\r\n\tbasedomain.de = " . $basedomainDEPreview . "\r\n\tbasedomain.en = " . $basedomainENPreview . "\r\n}\r\n\r\n[globalVar = IENV:HTTP_HOST = " . $httpHostLive . "]\r\n\r\nt3bootstrap {\r\n\tbasedomain.de = " . $basedomainDELive . "\r\n\tbasedomain.en = " . $basedomainENLive . "\r\n}\r\n\r\n[global]\r\n\r\n# # medbootstraptools [END]";
									// Write file
									file_put_contents($f4, $data4);
								}
								/* Basedomain END */
								/* Robots BEGIN */
								// Get file
								$robotsFile = PATH_site . 'fileadmin/templates/ts/setup/StandardConfig_setup.ts';
								// Open file
								$robotsFileContent = file_get_contents($robotsFile);
								// Add data: only the live host is allowed to be indexed
								$robotsFileContent = "" . $robotsFileContent . "\r\n\r\n# # medbootstraptools [BEGIN]\r\n\r\n[globalVar = IENV:HTTP_HOST = " . $httpHost . "]\r\n\r\npage.meta.robots = noindex, nofollow\r\n\r\n[globalVar = IENV:HTTP_HOST = " . $httpHostPreview . "]\r\n\r\npage.meta.robots = noindex, nofollow\r\n\r\n[globalVar = IENV:HTTP_HOST = " . $httpHostLive . "]\r\n\r\npage.meta.robots = index, follow\r\n\r\n[global]\r\n\r\n# # medbootstraptools [END]";
								// Write file
								file_put_contents($robotsFile, $robotsFileContent);
								/* Robots END */
								/* Responsive or not BEGIN */
								if ($_POST['project_responsive'] != "on") {
									$resp = PATH_site . 'fileadmin/templates/ts/setup/CSSIncludes_setup.ts';
									$dataResp = file_get_contents($resp);
									$dataResp = str_replace("bootstrap-responsive", "no-responsive", $dataResp);
									file_put_contents($resp, $dataResp);
									// Rename t3bootstrap responsive
									$t3bootstrapResp = PATH_site . 'fileadmin/templates/default/less/t3bootstrap-responsive.less';
									rename($t3bootstrapResp, $t3bootstrapResp . '_doNotUse');
									// File
									$lessConfigFile = PATH_site . 'fileadmin/templates/ts/setup/Extensions_setup.ts';
									// Get content
									$lessConfigFileContent = file_get_contents($lessConfigFile);
									// Remove LESS config for responsive CSS file
									$lessConfigFileContent = preg_replace('/t3bootstrap-responsive {[^{}]*}/', '', $lessConfigFileContent);
									// Write file
									file_put_contents($lessConfigFile, $lessConfigFileContent);
								}
								/* Responsive or not END */
								/* Install Tool password BEGIN */
								$localconfFile = PATH_site . 'typo3conf/new_localconf.php';
								$localconfData = file_get_contents($localconfFile);
								$newInstallPassword = $this->generatePW();
								// NOTE(review): the assigned value appears masked ('******') in
								// this listing, so how $newInstallPassword is stored cannot be
								// told from here; it is shown in clear text further down.
								$localConfContent = "// Updated by medbootstraptools " . date("d.m.y", time()) . " " . date("H:i:s", time()) . "\n\$TYPO3_CONF_VARS['BE']['installToolPassword'] = '******';";
								$localconfData = str_replace("?>", "\n" . $localConfContent . "\n?>", $localconfData);
								file_put_contents($localconfFile, $localconfData);
								/* Install Tool password END */
								/* Update site name BEGIN */
								// Get localconf
								$data = file_get_contents($localconfFile);
								// NOTE(review): the submitted project name is placed inside a
								// single-quoted PHP string without escaping quotes or backslashes.
								$data = str_replace("\$TYPO3_CONF_VARS['SYS']['sitename'] = '" . ucfirst($projectDir) . "';", "\$TYPO3_CONF_VARS['SYS']['sitename'] = '" . ucfirst($projectNameUpper) . "';", $data);
								// Write file
								file_put_contents($localconfFile, $data);
								/* Update site name END */
								/* Settings LIVE/PREVIEW server BEGIN */
								// Get file
								$settingsFile = PATH_typo3conf . 'settings.php';
								// Get settings
								$server = $_POST['live_server'];
								$host = $_POST['live_host'];
								$username = $_POST['live_username'];
								$dbPassword = $_POST['live_password'];
								$database = $_POST['live_database'];
								$imPath = $_POST['live_impath'];
								$previewServer = $_POST['preview_server'];
								$previewHost = $_POST['preview_host'];
								$previewUsername = $_POST['preview_username'];
								$previewDbPassword = $_POST['preview_password'];
								$previewDatabase = $_POST['preview_database'];
								$previewImPath = $_POST['preview_impath'];
								// Get content
								// NOTE(review): settings.php is PHP source that gets executed.
								// The submitted values are concatenated into single-quoted
								// string literals without escaping, so they should be
								// validated or exported safely before being written.
								if (!$server && !$host && !$username && !$dbPassword && !$database && !$previewServer && !$previewHost && !$previewUsername && !$previewDbPassword && !$previewDatabase && !$imPath && !$previewImPath) {
									$settingsContent = "<?php\r\n\$TYPO3_CONF_VARS['GFX']['im_path_lzw'] = '/usr/local/bin/';\r\n\$TYPO3_CONF_VARS['GFX']['im_path'] = '/usr/local/bin/';\r\n?>";
								} else {
									$settingsContent = "<?php\r\n\tif(\$_SERVER['SERVER_NAME'] == '" . $server . "') {\r\n\t\t\$typo_db_username = '******';\r\n\t\t\$typo_db_password = '******';\r\n\t\t\$typo_db_host = '" . $host . "';\r\n\t\t\$typo_db = '" . $database . "';\r\n\t\t\$TYPO3_CONF_VARS['GFX']['im_path_lzw'] = '" . $imPath . "';\r\n\t\t\$TYPO3_CONF_VARS['GFX']['im_path'] = '" . $imPath . "';\r\n\t}\r\n\telse if(\$_SERVER['SERVER_NAME'] == '" . $previewServer . "') {\r\n\t\t\$typo_db_username = '******';\r\n\t\t\$typo_db_password = '******';\r\n\t\t\$typo_db_host = '" . $previewHost . "';\r\n\t\t\$typo_db = '" . $previewDatabase . "';\r\n\t\t\$TYPO3_CONF_VARS['GFX']['im_path_lzw'] = '" . $previewImPath . "';\r\n\t\t\$TYPO3_CONF_VARS['GFX']['im_path'] = '" . $previewImPath . "';\r\n\t}\r\n?>";
								}
								file_put_contents($settingsFile, $settingsContent);
								/* Settings LIVE/PREVIEW server END */
								/* Import database BEGIN */
								/**
								 * @todo Replace @mysql_connect, as TYPO3 Backend is already connected; change import script class
								 */
								// Connect to database
								// NOTE(review): the @ operator hides a failed connection, and
								// the result is not checked before it is handed to the importer.
								$connection = @mysql_connect(TYPO3_db_host, TYPO3_db_username, TYPO3_db_password);
								// Get SQL file
								$filename = PATH_typo3conf . 'ext/medbootstraptools/mod1/sql/t3bootstrap.sql';
								$compress = false;
								$dump = new phpMyImporter(TYPO3_db, $connection, $filename, $compress);
								$dump->utf8 = true; // Uses UTF8 connection with MySQL server, default: true
								$dump->doImport();
								/* Clear sys_log and be_sessions table after import [BEGIN] */
								mysql_query("TRUNCATE TABLE sys_log");
								//mysql_query("TRUNCATE TABLE be_sessions");
								/* Clear sys_log and be_sessions table after import [END] */
								/* Import database END */
								/* Update contact form BEGIN */
								// NOTE(review): string-built SQL. The e-mail address and the
								// project names are concatenated into the statements without
								// quoting; they should go through the database layer's
								// quoting (or exec_UPDATEquery) instead.
								$email = $_POST['project_email'];
								$GLOBALS['TYPO3_DB']->sql_query("UPDATE tt_content SET pi_flexform = REPLACE(pi_flexform, '*****@*****.**', '" . $email . "') WHERE uid=103");
								$GLOBALS['TYPO3_DB']->sql_query("UPDATE tt_content SET pi_flexform = REPLACE(pi_flexform, '" . ucfirst($projectDirUpper) . "', '" . ucfirst($projectNameUpper) . "') WHERE uid=103");
								/* Update contact form END */
								/* Templavoilà BEGIN */
								// Same string-built SQL pattern as above
								$GLOBALS['TYPO3_DB']->sql_query("UPDATE tx_templavoila_datastructure SET belayout = REPLACE(belayout, '" . $projectDir . "', '" . $projectName . "') WHERE uid=1");
								$GLOBALS['TYPO3_DB']->sql_query("UPDATE tx_templavoila_tmplobj SET fileref = REPLACE(fileref, '" . $projectDir . "', '" . $projectName . "') WHERE uid=1");
								$GLOBALS['TYPO3_DB']->sql_query("UPDATE tx_templavoila_tmplobj SET fileref_md5 = MD5(fileref) WHERE uid=1");
								/* Templavoilà END */
								/* Update page ID 1 BEGIN */
								// The flag set here is what the form branch checks to treat
								// the module as already configured
								$updateArrayMod = array('tx_medbootstraptools_bootstrapconfig' => 1, 'title' => ucfirst($projectNameUpper));
								$resMod = $GLOBALS['TYPO3_DB']->exec_UPDATEquery('pages', 'uid=1', $updateArrayMod);
								/* Update page ID 1 END */
								/* Update user group ID 2 BEGIN */
								$updateArrayUser = array('title' => ucfirst($projectNameUpper) . ' ' . $GLOBALS['LANG']->getLL('admin'), 'description' => ucfirst($projectNameUpper) . ' ' . $GLOBALS['LANG']->getLL('adminUserGroup'));
								$resMod = $GLOBALS['TYPO3_DB']->exec_UPDATEquery('be_groups', 'uid=2', $updateArrayUser);
								/* Update user group ID 2 END */
								/* Update user group ID 3 BEGIN */
								$updateArrayUser2 = array('title' => ucfirst($projectNameUpper) . ' ' . $GLOBALS['LANG']->getLL('editor'), 'description' => ucfirst($projectNameUpper) . ' ' . $GLOBALS['LANG']->getLL('editorUserGroup'));
								$resMod2 = $GLOBALS['TYPO3_DB']->exec_UPDATEquery('be_groups', 'uid=3', $updateArrayUser2);
								/* Update user group ID 3 END */
								/* Create backend users BEGIN */
								// One user per line, comma separated:
								// username, realName, email, lang, usergroup, admin
								$beUsers = explode("\n", trim($_POST['project_beusers']));
								if ($_POST['project_beusers']) {
									$beUsersFinal = array();
									foreach ($beUsers as $beUser) {
										$beUsersFinal[] = trim($beUser);
									}
									$beUsers = $beUsersFinal;
									foreach ($beUsers as $beUser) {
										$userData = explode(",", $beUser);
										// NOTE(review): the admin flag and the user group come
										// straight from the submitted text.
										if ($userData[0] != 'admin') {
											$insertArray = array(
												'username' => trim(str_replace('"', '', stripslashes($userData[0]))),
												'admin' => trim(str_replace('"', '', stripslashes($userData[5]))),
												'realName' => trim(str_replace('"', '', stripslashes($userData[1]))),
												'email' => trim(str_replace('"', '', stripslashes($userData[2]))),
												'lang' => trim(str_replace('"', '', stripslashes($userData[3]))),
												'tstamp' => time(),
												'crdate' => time(),
												'usergroup' => trim(str_replace('"', '', stripslashes($userData[4])))
											);
										}
										// NOTE(review): this INSERT runs for every line, also for
										// an 'admin' line, where $insertArray still holds the
										// previous row or is undefined.
										$resBeUser = $GLOBALS['TYPO3_DB']->exec_INSERTquery('be_users', $insertArray);
									}
								}
								/* Create backend users END */
								/* Backend user passwords BEGIN */
								// Create 10 passwords
								// NOTE(review): with more than 10 active backend users,
								// $passwordArr[$i] is undefined for the remaining users.
								$passwordArr = array();
								for ($i = 1; $i <= 10; $i++) {
									$passwordArr[] = $this->generatePW();
								}
								// Get all be_users
								$resUsers = $GLOBALS['TYPO3_DB']->exec_SELECTquery('uid,username', 'be_users', 'disable=0 AND deleted=0', '', '', '');
								$i = 0;
								$passwordArrWithUsername = array();
								while ($rowUsers = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($resUsers)) {
									$passwordArrWithUsername[$rowUsers['username']] = $passwordArr[$i];
									// Create salted password
									$password = $passwordArr[$i]; // plain-text password
									$saltedPassword = '';
									// NOTE(review): three storage outcomes follow from this block:
									//  - saltedpasswords loaded and enabled: the salted hash is stored;
									//  - loaded but not enabled, or no salting instance: the empty
									//    string is stored as the password;
									//  - not loaded: the plain-text password is stored.
									// The usage check asks for mode 'FE' although the rows are
									// backend users - confirm whether 'BE' was intended.
									if (t3lib_extMgm::isLoaded('saltedpasswords')) {
										if (tx_saltedpasswords_div::isUsageEnabled('FE')) {
											$objSalt = tx_saltedpasswords_salts_factory::getSaltingInstance(NULL);
											if (is_object($objSalt)) {
												$saltedPassword = $objSalt->getHashedPassword($password);
											}
										}
									} else {
										$saltedPassword = $password;
									}
									$updateArray = array('password' => $saltedPassword);
									$res = $GLOBALS['TYPO3_DB']->exec_UPDATEquery('be_users', 'uid=' . $rowUsers['uid'], $updateArray);
									$i++;
								}
								/* Backend user passwords END */
								/* Switch localconf BEGIN */
								// Clear temp files
								foreach (glob(PATH_typo3conf . "temp_*.php") as $filename) {
									unlink($filename);
								}
								// Get files
								$localconfFileAct = PATH_typo3conf . 'localconf.php';
								$localconfFileOld = PATH_typo3conf . 'old_localconf.php';
								$localconfFileNew = PATH_typo3conf . 'new_localconf.php';
								// Include localconf to get database connection for new localconf file
								// Open new_localconf.php
								$localconfFileNewContent = file_get_contents($localconfFileNew);
								// Credential values appear masked ('******') in this listing
								$localconfFileNewContent = str_replace(
									array("\$typo_db_username = '';", "\$typo_db_password = '';", "\$typo_db_host = '';", "\$typo_db = '';"),
									array("\$typo_db_username = '******';", "\$typo_db_password = '******';", "\$typo_db_host = '" . TYPO3_db_host . "';", "\$typo_db = '" . TYPO3_db . "';"),
									$localconfFileNewContent
								);
								file_put_contents($localconfFileNew, $localconfFileNewContent);
								// Rename files
								// NOTE(review): the previous configuration stays on disk as
								// old_localconf.php; presumably it still contains the former
								// credentials - verify that it is protected or removed.
								rename($localconfFileAct, $localconfFileOld);
								rename($localconfFileNew, $localconfFileAct);
								/* Switch localconf END */
								// Success message
								// NOTE(review): the generated backend passwords and the install
								// tool password are printed in clear text, and the user names
								// are output without HTML escaping.
								$successMessageContent = '<h3>' . $GLOBALS['LANG']->getLL('configSaved') . '</h3>';
								$successMessageContent .= '<p><br /><b>' . $GLOBALS['LANG']->getLL('backendPasses') . '</b><br />';
								$c = 0;
								foreach ($passwordArrWithUsername as $pKey => $pVal) {
									if ($c == 0) {
										$successMessageContent .= $pKey . ': ' . $pVal;
									} else {
										$successMessageContent .= '<br />' . $pKey . ': ' . $pVal;
									}
									$c++;
								}
								$successMessageContent .= '</p>';
								$successMessageContent .= '<p><br /><b>' . $GLOBALS['LANG']->getLL('installToolPassword') . '</b><br />' . $newInstallPassword . '</p>';
								// Import SQL
								$successMessageContent .= '<p><br /><b>' . $GLOBALS['LANG']->getLL('database') . '</b><br />' . $GLOBALS['LANG']->getLL('databaseSuccess') . '</p>';
								$content = '<div class="alert alert-success">' . $successMessageContent . '</div>';
								$this->content .= $this->doc->section($GLOBALS['LANG']->getLL('title'), $content, 0, 1);
								// Clear typo3temp folder recursively
								$this->emptyDirectory(PATH_site . 'typo3temp/Cache/Code');
							}
						}
					}
				}
			} else {
				// Check if module has already been deactivated
				// NOTE(review): this flag is only consulted when rendering the form;
				// the submit branch above does not check it before running again.
				$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('tx_medbootstraptools_bootstrapconfig', 'pages', 'uid=1', '', '', '');
				$row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res);
				if ($row['tx_medbootstraptools_bootstrapconfig'] == 1) {
					$content = '<p><b>' . $GLOBALS['LANG']->getLL('configAlready') . '</b></p>';
				} else {
					// Configuration form. $projectDir (a directory name read from disk)
					// is placed into the value attribute without HTML escaping.
					$content = ' <form method="post" action=""> <div class="settings"> <h4>' . $GLOBALS['LANG']->getLL('generalSettings')
						. '</h4> <label>' . $GLOBALS['LANG']->getLL('projectName')
						. '</label> <input type="text" name="project_name" value="' . $projectDir
						. '"> <label>' . $GLOBALS['LANG']->getLL('basedomainDE')
						. '</label> <input type="text" placeholder="http://subdomain.domain.de/" name="project_basedomainde" class="input-middle"> <label>' . $GLOBALS['LANG']->getLL('basedomainEN')
						. '</label> <input type="text" placeholder="http://subdomain.domain.de/en/" name="project_basedomainen" class="input-middle"> <label>' . $GLOBALS['LANG']->getLL('httpHost')
						. '</label> <input type="text" name="project_httphost" placeholder="subdomain.domain.de"> <label>' . $GLOBALS['LANG']->getLL('copyrightNotice')
						. '</label> <input type="text" class="input-long" placeholder="' . $GLOBALS['LANG']->getLL('copyrightDefault')
						. '" name="project_copyright"> <label>' . $GLOBALS['LANG']->getLL('email')
						. '</label> <input type="text" name="project_email" placeholder="*****@*****.**"> <label>' . $GLOBALS['LANG']->getLL('adminUser')
						. ' <i>' . $GLOBALS['LANG']->getLL('adminUserInfo')
						. '</i>:</label> <textarea cols="5" rows="10" class="textarea-beusers" name="project_beusers"></textarea> <label>' . $GLOBALS['LANG']->getLL('responsive')
						. '</label> <input type="checkbox" name="project_responsive" checked="checked"> <h4>' . $GLOBALS['LANG']->getLL('databaseConnectionPreview')
						. '</h4> <label>' . $GLOBALS['LANG']->getLL('basedomainDE')
						. '</label> <input type="text" placeholder="http://subdomain.domain.de/" name="preview_basedomainde" class="input-middle"> <label>' . $GLOBALS['LANG']->getLL('basedomainEN')
						. '</label> <input type="text" placeholder="http://subdomain.domain.de/en/" name="preview_basedomainen" class="input-middle"> <label>' . $GLOBALS['LANG']->getLL('httpHost')
						. '</label> <input type="text" name="preview_httphost" placeholder="subdomain.domain.de"> <label>' . $GLOBALS['LANG']->getLL('serverName')
						. '</label> <input type="text" name="preview_server" placeholder="domain.de"> <label>' . $GLOBALS['LANG']->getLL('username')
						. '</label> <input type="text" name="preview_username" autocomplete="off"> <label>' . $GLOBALS['LANG']->getLL('password')
						. '</label> <input type="password" name="preview_password" autocomplete="off"> <label>' . $GLOBALS['LANG']->getLL('host')
						. '</label> <input type="text" name="preview_host"> <label>' . $GLOBALS['LANG']->getLL('database')
						. '</label> <input type="text" name="preview_database"> <label>' . $GLOBALS['LANG']->getLL('imageMagickPath')
						. '</label> <input type="text" name="preview_impath" placeholder="/usr/local/bin/"> <h4>' . $GLOBALS['LANG']->getLL('databaseConnection')
						. '</h4> <label>' . $GLOBALS['LANG']->getLL('basedomainDE')
						. '</label> <input type="text" placeholder="http://subdomain.domain.de/" name="live_basedomainde" class="input-middle"> <label>' . $GLOBALS['LANG']->getLL('basedomainEN')
						. '</label> <input type="text" placeholder="http://subdomain.domain.de/en/" name="live_basedomainen" class="input-middle"> <label>' . $GLOBALS['LANG']->getLL('httpHost')
						. '</label> <input type="text" name="live_httphost" placeholder="subdomain.domain.de"> <label>' . $GLOBALS['LANG']->getLL('serverName')
						. '</label> <input type="text" name="live_server" placeholder="domain.de"> <label>' . $GLOBALS['LANG']->getLL('username')
						. '</label> <input type="text" name="live_username" autocomplete="off"> <label>' . $GLOBALS['LANG']->getLL('password')
						. '</label> <input type="password" name="live_password" autocomplete="off"> <label>' . $GLOBALS['LANG']->getLL('host')
						. '</label> <input type="text" name="live_host"> <label>' . $GLOBALS['LANG']->getLL('database')
						. '</label> <input type="text" name="live_database"> <label>' . $GLOBALS['LANG']->getLL('imageMagickPath')
						. '</label> <input type="text" name="live_impath" placeholder="/usr/local/bin/"> <input type="hidden" name="submit_config" value="1"> <p><a href="javascript:void(0);" class="btn btn-primary btn-submit">' . $GLOBALS['LANG']->getLL('save')
						. '</a></p> </div> </form> ';
				}
				$this->content .= $this->doc->section($GLOBALS['LANG']->getLL('title'), $content, 0, 1);
			}
			break;
	}
}
/**
 * Passing NULL to the factory must bring it back to the default salting
 * method after it had been switched by a concrete hash.
 *
 * @test
 */
public function resettingFactoryInstanceSucceeds() {
	$defaultMethodClass = tx_saltedpasswords_div::getDefaultSaltingHashingMethod();

	// Sample hash with a prefix chosen depending on the default class;
	// presumably it selects a method other than the default - confirm
	$sampleHash = $defaultMethodClass == 'tx_saltedpasswords_salts_md5'
		? '$P$CWF13LlG/0UcAQFUjnnS4LOqyRW43c.'
		: '$1$rasmusle$rISCgZzpwk3UhDidwXvin0';

	// First let the hash decide the method ...
	$this->objectInstance = tx_saltedpasswords_salts_factory::getSaltingInstance($sampleHash);
	// ... then reset the factory
	$this->objectInstance = tx_saltedpasswords_salts_factory::getSaltingInstance(NULL);

	$isDefaultMethod = get_class($this->objectInstance) == $defaultMethodClass
		|| is_subclass_of($this->objectInstance, $defaultMethodClass);

	$this->assertTrue($isDefaultMethod);
}
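/**
 * Checks the login data with the user record data for builtin login method.
 *
 * The stored password decides the path:
 *  - a salted hash recognised by the factory is verified with its own method
 *    and, after a successful check, re-hashed if it does not use the default
 *    method or needs an update;
 *  - otherwise, unless 'forceSalted' is set, the deprecated formats are
 *    accepted: 'C$'/'M$'-prefixed hashes, plain MD5 digests and clear-text
 *    values. A successful check is converted to the default salted hash when
 *    'updatePasswd' is set.
 * A failed check of a recognised hash format sets $this->authenticationFailed.
 *
 * NOTE(review): the legacy MD5 and clear-text branches compare with strcmp(),
 * which is not a constant-time comparison, and the MD5 pattern is unanchored,
 * so any stored value containing a 32-character hex run takes the MD5 branch.
 * Both are left as they were here.
 *
 * @param array $user user data array
 * @param array $loginData login data array
 * @param string $security_level login security level (optional, not used in this method)
 * @return boolean TRUE if login data matched
 */
function compareUident(array $user, array $loginData, $security_level = 'normal') {
	$validPasswd = FALSE;

	// could be merged; still here to clarify
	if (!strcmp(TYPO3_MODE, 'BE')) {
		$password = $loginData['uident_text'];
	} elseif (!strcmp(TYPO3_MODE, 'FE')) {
		$password = $loginData['uident_text'];
	}

	// determine method used for given salted hashed password
	$this->objInstanceSaltedPW = tx_saltedpasswords_salts_factory::getSaltingInstance($user['password']);

	// existing record is in format of Salted Hash password
	if (is_object($this->objInstanceSaltedPW)) {
		$validPasswd = $this->objInstanceSaltedPW->checkPassword($password, $user['password']);

		// record is in format of Salted Hash password but authentication failed
		// skip further authentication methods
		if (!$validPasswd) {
			$this->authenticationFailed = TRUE;
		}

		$defaultHashingClassName = tx_saltedpasswords_div::getDefaultSaltingHashingMethod();

		// test for wrong salted hashing method
		// The stored password may only be rewritten after a successful check.
		// The former condition was "$validPasswd && !(class == default) ||
		// is_subclass_of(...)"; because && binds tighter than ||, the subclass
		// test alone triggered updatePassword() with the submitted value, even
		// when the password had not been verified.
		$usesDefaultMethod = get_class($this->objInstanceSaltedPW) == $defaultHashingClassName
			|| is_subclass_of($this->objInstanceSaltedPW, $defaultHashingClassName);
		if ($validPasswd && !$usesDefaultMethod) {
			// instantiate default method class
			$this->objInstanceSaltedPW = tx_saltedpasswords_salts_factory::getSaltingInstance(NULL);
			$this->updatePassword(intval($user['uid']), array('password' => $this->objInstanceSaltedPW->getHashedPassword($password)));
		}

		if ($validPasswd && $this->objInstanceSaltedPW->isHashUpdateNeeded($user['password'])) {
			$this->updatePassword(intval($user['uid']), array('password' => $this->objInstanceSaltedPW->getHashedPassword($password)));
		}

	// we process also clear-text, md5 and passwords updated by Portable PHP password hashing framework
	} elseif (!intval($this->extConf['forceSalted'])) {
		// stored password is in deprecated salted hashing method
		if (t3lib_div::inList('C$,M$', substr($user['password'], 0, 2))) {
			// the marker character is stripped to obtain the actual salted hash
			$this->objInstanceSaltedPW = tx_saltedpasswords_salts_factory::getSaltingInstance(substr($user['password'], 1));

			if (!strcmp(substr($user['password'], 0, 1), 'M')) {
				// 'M': the salted hash was computed over the MD5 digest of the password
				$validPasswd = $this->objInstanceSaltedPW->checkPassword(md5($password), substr($user['password'], 1));
			} else {
				$validPasswd = $this->objInstanceSaltedPW->checkPassword($password, substr($user['password'], 1));
			}

			// skip further authentication methods
			if (!$validPasswd) {
				$this->authenticationFailed = TRUE;
			}

		// password is stored as md5
		} elseif (preg_match('/[0-9abcdef]{32,32}/', $user['password'])) {
			$validPasswd = !strcmp(md5($password), $user['password']) ? TRUE : FALSE;

			// skip further authentication methods
			if (!$validPasswd) {
				$this->authenticationFailed = TRUE;
			}

		// password is stored plain or unrecognized format
		} else {
			$validPasswd = !strcmp($password, $user['password']) ? TRUE : FALSE;
		}

		// should we store the new format value in DB?
		if ($validPasswd && intval($this->extConf['updatePasswd'])) {
			// instantiate default method class
			$this->objInstanceSaltedPW = tx_saltedpasswords_salts_factory::getSaltingInstance(NULL);
			$this->updatePassword(intval($user['uid']), array('password' => $this->objInstanceSaltedPW->getHashedPassword($password)));
		}
	}

	return $validPasswd;
}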
<?php
// Refuse to run when the file is requested directly instead of being
// included by TYPO3
defined('TYPO3_MODE') or die('Access denied.');

// Frontend users: raise the TCA 'max' limit of the password field to 60 and,
// when salted passwords are enabled for FE, route the field through the
// salted-passwords evaluation
t3lib_div::loadTCA('fe_users');
$TCA['fe_users']['columns']['password']['config']['max'] = 60;
if (tx_saltedpasswords_div::isUsageEnabled('FE')) {
	$TCA['fe_users']['columns']['password']['config']['eval'] = 'trim,required,tx_saltedpasswords_eval_fe,password';
}

// Backend users: same treatment with the BE evaluation
t3lib_div::loadTCA('be_users');
$TCA['be_users']['columns']['password']['config']['max'] = 60;
if (tx_saltedpasswords_div::isUsageEnabled('BE')) {
	$TCA['be_users']['columns']['password']['config']['eval'] = 'trim,required,tx_saltedpasswords_eval_be,password';

	// Prevent md5 hashing on client side via JS, so that the user settings
	// module submits the password fields as entered
	$GLOBALS['TYPO3_USER_SETTINGS']['columns']['password']['eval'] = '';
	$GLOBALS['TYPO3_USER_SETTINGS']['columns']['password2']['eval'] = '';
}
/**
 * Runs the extension's environment checks and collects the failures.
 *
 * Checked in this order: the extensions listed as dependencies are loaded, the
 * front end login security level is one of the configured supported levels,
 * and - only when that level is supported - saltedpasswords (if loaded) is
 * enabled for FE and yields a salting instance, and rsaauth (if loaded)
 * provides an available backend and a storage object.
 *
 * Every failure is written to the system log with error severity and appended
 * to the result, wrapped in the internal_check_requirements_frontend label.
 *
 * NOTE(review): the returned text names missing extensions and configuration
 * problems; the label name suggests it is rendered in the front end - confirm
 * that exposing these details to visitors is acceptable.
 *
 * @return string Concatenated failure messages, empty string if all checks passed
 */
protected function checkRequirements() {
	$report = '';
	// All labels used below live in the same language file
	$labelFile = 'LLL:EXT:' . $this->extKey . '/pi1/locallang.xml:';

	// 1. Dependencies declared for this extension ('php' and 'typo3' are not extensions)
	$dependencies = $GLOBALS['TYPO3_CONF_VARS']['EXTCONF'][$this->extKey]['constraints']['depends'];
	if (is_array($dependencies)) {
		foreach (array_diff(array_keys($dependencies), array('php', 'typo3')) as $dependencyKey) {
			if (t3lib_extMgm::isLoaded($dependencyKey)) {
				continue;
			}
			$errorText = sprintf($GLOBALS['TSFE']->sL($labelFile . 'internal_required_extension_missing'), $dependencyKey);
			t3lib_div::sysLog($errorText, $this->extKey, t3lib_div::SYSLOG_SEVERITY_ERROR);
			$report .= sprintf($GLOBALS['TSFE']->sL($labelFile . 'internal_check_requirements_frontend'), $errorText);
		}
	}

	// 2. Front end login security level must be one of the levels this extension supports
	$allowedLevels = $GLOBALS['TYPO3_CONF_VARS']['EXTCONF'][$this->extKey]['loginSecurityLevels'];
	$levelIsSupported = in_array($GLOBALS['TYPO3_CONF_VARS']['FE']['loginSecurityLevel'], $allowedLevels);

	if ($levelIsSupported) {
		// 3. Password storage: saltedpasswords, when installed, must be active for FE and usable
		if (t3lib_extMgm::isLoaded('saltedpasswords')) {
			if (tx_saltedpasswords_div::isUsageEnabled('FE')) {
				$saltingInstance = tx_saltedpasswords_salts_factory::getSaltingInstance(NULL);
				if (!is_object($saltingInstance)) {
					// The factory did not hand back a salting object
					$errorText = $GLOBALS['TSFE']->sL($labelFile . 'internal_salted_passwords_no_instance');
					t3lib_div::sysLog($errorText, $this->extKey, t3lib_div::SYSLOG_SEVERITY_ERROR);
					$report .= sprintf($GLOBALS['TSFE']->sL($labelFile . 'internal_check_requirements_frontend'), $errorText);
				}
			} else {
				$errorText = $GLOBALS['TSFE']->sL($labelFile . 'internal_salted_passwords_disabled');
				t3lib_div::sysLog($errorText, $this->extKey, t3lib_div::SYSLOG_SEVERITY_ERROR);
				$report .= sprintf($GLOBALS['TSFE']->sL($labelFile . 'internal_check_requirements_frontend'), $errorText);
			}
		}

		// 4. Password transmission: rsaauth, when installed, must offer a working backend and a storage
		if (t3lib_extMgm::isLoaded('rsaauth')) {
			// rsaauth in TYPO3 4.5 misses autoload, so pull in both factories by hand
			if (!class_exists('tx_rsaauth_backendfactory')) {
				require_once t3lib_extMgm::extPath('rsaauth') . 'sv1/backends/class.tx_rsaauth_backendfactory.php';
				require_once t3lib_extMgm::extPath('rsaauth') . 'sv1/storage/class.tx_rsaauth_storagefactory.php';
			}
			$rsaBackend = tx_rsaauth_backendfactory::getBackend();
			$rsaStorage = tx_rsaauth_storagefactory::getStorage();
			$rsaIsUsable = is_object($rsaBackend) && $rsaBackend->isAvailable() && is_object($rsaStorage);
			if (!$rsaIsUsable) {
				$errorText = $GLOBALS['TSFE']->sL($labelFile . 'internal_rsaauth_backend_not_available');
				t3lib_div::sysLog($errorText, $this->extKey, t3lib_div::SYSLOG_SEVERITY_ERROR);
				$report .= sprintf($GLOBALS['TSFE']->sL($labelFile . 'internal_check_requirements_frontend'), $errorText);
			}
		}
	} else {
		// Configured level is not supported; the storage and transmission checks are skipped
		$errorText = $GLOBALS['TSFE']->sL($labelFile . 'internal_login_security_level');
		t3lib_div::sysLog($errorText, $this->extKey, t3lib_div::SYSLOG_SEVERITY_ERROR);
		$report .= sprintf($GLOBALS['TSFE']->sL($labelFile . 'internal_check_requirements_frontend'), $errorText);
	}

	return $report;
}
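/**
 * Checks the submitted old password against the password stored for the
 * front end user identified by $this->config['userid'].
 *
 * The stored value decides the comparison: a valid salted hash is verified by
 * the salting instance; otherwise the value is compared as an md5 hash when
 * kb_md5fepw is loaded, or as plain text when it is not.
 *
 * The check fails closed: a missing user record, a stored password that is not
 * a string, or a submitted value that is not a string all return false.
 *
 * NOTE(review): the md5 and plain-text branches remain for legacy records only;
 * such records should be migrated to salted hashes.
 *
 * @return boolean true if the old password matches, false otherwise
 */
private function isOldPasswordCorrect() {
	// The WHERE clause is assembled as a string, so force both values to integers first.
	// Where userid and pidList originate is not visible here; treat them as untrusted.
	$userId = intval($this->config['userid']);
	$pidList = $GLOBALS['TYPO3_DB']->cleanIntList($this->conf['pidList']);
	$row = $GLOBALS['TYPO3_DB']->exec_SELECTgetSingleRow(
		'password',
		'fe_users',
		'uid = ' . $userId . ' AND pid IN (' . $pidList . ')'
	);

	// No record (or a failed query) must never count as a match
	if (!is_array($row) || !isset($row['password']) || !is_string($row['password'])) {
		return false;
	}
	$storedPassword = $row['password'];

	// piVars come from the request and can be arrays. strcmp() does not give a
	// usable result for non-strings, and the former loose "!= 0" test accepted that
	// result as a match in the plain-text branch, so reject anything but a string.
	if (!isset($this->piVars['oldpassword']) || !is_string($this->piVars['oldpassword'])) {
		return false;
	}
	$submittedPassword = $this->piVars['oldpassword'];

	// Explicit default: the variable was previously undefined when saltedpasswords is not in use
	$instanceSalted = NULL;
	if (t3lib_extMgm::isLoaded('saltedpasswords') && tx_saltedpasswords_div::isUsageEnabled('FE')) {
		$instanceSalted = tx_saltedpasswords_salts_factory::getSaltingInstance();
	}

	if ($instanceSalted && $instanceSalted->isValidSaltedPW($storedPassword)) {
		return (bool) $instanceSalted->checkPassword($submittedPassword, $storedPassword);
	}

	// Legacy storage formats: md5 hash (kb_md5fepw) or plain text
	$candidate = t3lib_extMgm::isLoaded('kb_md5fepw') ? md5($submittedPassword) : $submittedPassword;

	// Prefer the constant-time comparison where the PHP version provides it
	if (function_exists('hash_equals')) {
		return hash_equals($storedPassword, $candidate);
	}
	return $candidate === $storedPassword;
}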