protected function createCliBeUser()
{
$db = $this->getDatabaseConnection();
$where = 'username = '******'_cli_lowlevel', 'be_users') . ' AND admin = 0';
$user = $db->exec_SELECTgetSingleRow('*', 'be_users', $where);
if ($user) {
if ($user['deleted'] || $user['disable']) {
$data = array('be_users' => array($user['uid'] => array('deleted' => 0, 'disable' => 0)));
/** @var \TYPO3\CMS\Core\DataHandling\DataHandler $dataHandler */
$dataHandler = GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\DataHandling\\DataHandler');
$dataHandler->stripslashes_values = FALSE;
$dataHandler->start($data, array());
$dataHandler->process_datamap();
}
} else {
// Prepare necessary data for _cli_lowlevel user creation
$password = uniqid('scheduler', TRUE);
if (SaltedPasswordsUtility::isUsageEnabled()) {
$objInstanceSaltedPW = SaltFactory::getSaltingInstance();
$password = $objInstanceSaltedPW->getHashedPassword($password);
}
$data = array('be_users' => array('NEW' => array('username' => '_cli_lowlevel', 'password' => $password, 'pid' => 0)));
/** @var \TYPO3\CMS\Core\DataHandling\DataHandler $dataHandler */
$dataHandler = GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\DataHandling\\DataHandler');
$dataHandler->stripslashes_values = FALSE;
$dataHandler->start($data, array());
$dataHandler->process_datamap();
// Check if a new uid was indeed generated (i.e. a new record was created)
// (counting DataHandler errors doesn't work as some failures don't report errors)
$numberOfNewIDs = count($dataHandler->substNEWwithIDs);
if ((int) $numberOfNewIDs !== 1) {
InstallerScripts::addFlashMessage('Failed to create _cli_lowlevel BE user.', 'BE user creation failed', AbstractMessage::WARNING);
}
}
}
/**
* Validation method
*
* @param mixed $password
*
* @return bool
*/
public function isValid($password)
{
$result = true;
if (!\Evoweb\SfRegister\Services\Login::isLoggedIn()) {
$this->addError(\TYPO3\CMS\Extbase\Utility\LocalizationUtility::translate('error_changepassword_notloggedin', 'SfRegister'), 1301599489);
$result = false;
} else {
$user = $this->userRepository->findByUid($GLOBALS['TSFE']->fe_user->user['uid']);
if (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('saltedpasswords') && \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled('FE')) {
/** @var \TYPO3\CMS\Saltedpasswords\Salt\SaltInterface $saltedPassword */
$saltedPassword = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($user->getPassword(), null);
if (!$saltedPassword->checkPassword($password, $user->getPassword())) {
$this->addError(\TYPO3\CMS\Extbase\Utility\LocalizationUtility::translate('error_changepassword_notequal', 'SfRegister'), 1301599507);
$result = false;
}
} elseif ($this->settings['encryptPassword'] === 'md5') {
if (md5($password) !== $user->getPassword()) {
$this->addError(\TYPO3\CMS\Extbase\Utility\LocalizationUtility::translate('error_changepassword_notequal', 'SfRegister'), 1301599507);
$result = false;
}
} elseif ($this->settings['encryptPassword'] === 'sha1') {
if (sha1($password) !== $user->getPassword()) {
$this->addError(\TYPO3\CMS\Extbase\Utility\LocalizationUtility::translate('error_changepassword_notequal', 'SfRegister'), 1301599507);
$result = false;
}
}
}
return $result;
}
/**
* Execute task
*
* @return bool
*/
public function execute()
{
$processedAllRecords = TRUE;
// For frontend and backend
foreach ($this->userRecordPointer as $mode => $pointer) {
// If saltedpasswords is active for frontend / backend
if (\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled($mode)) {
$usersToUpdate = $this->findUsersToUpdate($mode);
$numberOfRows = count($usersToUpdate);
if ($numberOfRows > 0) {
$processedAllRecords = FALSE;
$this->activateSelf();
$this->incrementUserRecordPointer($mode, $numberOfRows);
$this->convertPasswords($mode, $usersToUpdate);
}
}
}
if ($processedAllRecords) {
// Reset the user record pointer
$this->userRecordPointer = array('FE' => 0, 'BE' => 0);
// Determine if task should disable itself
if ($this->canDeactivateSelf) {
$this->deactivateSelf();
}
}
// Use save() of parent class \TYPO3\CMS\Scheduler\Task\AbstractTask to persist changed task variables
$this->save();
return TRUE;
}
/**
* Applies transformations to a given plain text password, e.g. hashing
*
* @param string $password
* @return string
*/
public function applyTransformations($password)
{
if (ExtensionManagementUtility::isLoaded('saltedpasswords')) {
if (\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled('FE')) {
$saltingInstance = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance();
$password = $saltingInstance->getHashedPassword($password);
}
}
return $password;
}
public function setPassword($password)
{
if (\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled('FE')) {
$objSalt = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL);
if (is_object($objSalt)) {
$password = $objSalt->getHashedPassword($password);
}
}
parent::setPassword($password);
}
/**
* Adds the password hasher object to the context
*
* @param \Aimeos\MShop\Context\Item\Iface $context Context object
* @return \Aimeos\MShop\Context\Item\Iface Modified context object
*/
protected static function addHasher(\Aimeos\MShop\Context\Item\Iface $context)
{
if (isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['aimeos']['aimeos_context_hasher']) && is_callable($fcn = $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['aimeos']['aimeos_context_hasher'])) {
return $fcn($context);
}
if (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('saltedpasswords') && \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled('FE')) {
$object = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance();
$context->setHasherTypo3($object);
}
return $context;
}
/**
* @return string
*/
protected function getSaltedPassword($password)
{
$saltedPassword = $password;
if (ExtensionManagementUtility::isLoaded('saltedpasswords')) {
if (SaltedPasswordsUtility::isUsageEnabled('FE')) {
$objSalt = SaltFactory::getSaltingInstance(NULL);
if (is_object($objSalt)) {
$saltedPassword = $objSalt->getHashedPassword($password);
}
}
}
return $saltedPassword;
}
/**
* Function uses Portable PHP Hashing Framework to create a proper password string if needed
*
* @param mixed $value The value that has to be checked.
* @param string $is_in Is-In String
* @param integer $set Determines if the field can be set (value correct) or not, e.g. if input is required but the value is empty, then $set should be set to FALSE. (PASSED BY REFERENCE!)
* @return The new value of the field
* @todo Define visibility
*/
public function evaluateFieldValue($value, $is_in, &$set)
{
$isEnabled = $this->mode ? \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled($this->mode) : \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled();
if ($isEnabled) {
$set = FALSE;
$isMD5 = preg_match('/[0-9abcdef]{32,32}/', $value);
$isSaltedHash = \TYPO3\CMS\Core\Utility\GeneralUtility::inList('$1$,$2$,$2a,$P$', substr($value, 0, 3));
$this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL, $this->mode);
if ($isMD5) {
$set = TRUE;
$value = 'M' . $this->objInstanceSaltedPW->getHashedPassword($value);
} elseif (!$isSaltedHash) {
$set = TRUE;
$value = $this->objInstanceSaltedPW->getHashedPassword($value);
}
}
return $value;
}
/**
* Obtains a salting hashing method instance.
*
* This function will return an instance of a class that implements
* tx_saltedpasswords_abstract_salts.
*
* Use parameter NULL to reset the factory!
*
* @param string $saltedHash (optional) Salted hashed password to determine the type of used method from or NULL to reset the factory
* @param string $mode (optional) The TYPO3 mode (FE or BE) saltedpasswords shall be used for
* @return tx_saltedpasswords_abstract_salts an instance of salting hashing method object
*/
public static function getSaltingInstance($saltedHash = '', $mode = TYPO3_MODE)
{
// Creating new instance when
// * no instance existing
// * a salted hash given to determine salted hashing method from
// * a NULL parameter given to reset instance back to default method
if (!is_object(self::$instance) || !empty($saltedHash) || is_NULL($saltedHash)) {
// Determine method by checking the given hash
if (!empty($saltedHash)) {
$result = self::determineSaltingHashingMethod($saltedHash);
if (!$result) {
self::$instance = NULL;
}
} else {
$classNameToUse = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getDefaultSaltingHashingMethod($mode);
$availableClasses = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods'];
self::$instance = \TYPO3\CMS\Core\Utility\GeneralUtility::getUserObj($availableClasses[$classNameToUse], 'tx_');
}
}
return self::$instance;
}
/**
* Function uses Portable PHP Hashing Framework to create a proper password string if needed
*
* @param mixed $value The value that has to be checked.
* @param string $is_in Is-In String
* @param bool $set Determines if the field can be set (value correct) or not, e.g. if input is required but the value is empty, then $set should be set to FALSE. (PASSED BY REFERENCE!)
* @return string The new value of the field
*/
public function evaluateFieldValue($value, $is_in, &$set)
{
$isEnabled = $this->mode ? \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled($this->mode) : \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled();
if ($isEnabled) {
$isMD5 = preg_match('/[0-9abcdef]{32,32}/', $value);
$isDeprecatedSaltedHash = \TYPO3\CMS\Core\Utility\GeneralUtility::inList('C$,M$', substr($value, 0, 2));
/** @var $objInstanceSaltedPW \TYPO3\CMS\Saltedpasswords\Salt\SaltInterface */
$objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL, $this->mode);
if ($isMD5) {
$set = TRUE;
$value = 'M' . $objInstanceSaltedPW->getHashedPassword($value);
} else {
// Determine method used for the (possibly) salted hashed password
$tempValue = $isDeprecatedSaltedHash ? substr($value, 1) : $value;
$tempObjInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($tempValue);
if (!is_object($tempObjInstanceSaltedPW)) {
$set = TRUE;
$value = $objInstanceSaltedPW->getHashedPassword($value);
}
}
}
return $value;
}
/**
* This method creates the "cli_scheduler" BE user if it doesn't exist
*
* @return void
*/
protected function createSchedulerUser()
{
// Check _cli_scheduler user status
$checkUser = $this->checkSchedulerUser();
// Prepare default message
$message = $this->getLanguageService()->getLL('msg.userExists');
$severity = FlashMessage::WARNING;
// If the user does not exist, try creating it
if ($checkUser == -1) {
// Prepare necessary data for _cli_scheduler user creation
$password = StringUtility::getUniqueId('scheduler');
if (SaltedPasswordsUtility::isUsageEnabled()) {
$objInstanceSaltedPW = SaltFactory::getSaltingInstance();
$password = $objInstanceSaltedPW->getHashedPassword($password);
}
$data = array('be_users' => array('NEW' => array('username' => '_cli_scheduler', 'password' => $password, 'pid' => 0)));
/** @var $tcemain \TYPO3\CMS\Core\DataHandling\DataHandler */
$tcemain = GeneralUtility::makeInstance(\TYPO3\CMS\Core\DataHandling\DataHandler::class);
$tcemain->start($data, array());
$tcemain->process_datamap();
// Check if a new uid was indeed generated (i.e. a new record was created)
// (counting TCEmain errors doesn't work as some failures don't report errors)
$numberOfNewIDs = count($tcemain->substNEWwithIDs);
if ($numberOfNewIDs === 1) {
$message = $this->getLanguageService()->getLL('msg.userCreated');
$severity = FlashMessage::OK;
} else {
$message = $this->getLanguageService()->getLL('msg.userNotCreated');
$severity = FlashMessage::ERROR;
}
}
$this->addMessage($message, $severity);
}
<?php
defined('TYPO3_MODE') or die();
$GLOBALS['TCA']['fe_users']['columns']['password']['config']['max'] = 100;
if (\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled('FE')) {
// Get eval field operations methods as array keys
$operations = array_flip(\TYPO3\CMS\Core\Utility\GeneralUtility::trimExplode(',', $GLOBALS['TCA']['fe_users']['columns']['password']['config']['eval'], TRUE));
// Remove md5 and temporary password from the list of evaluated methods
unset($operations['md5'], $operations['password']);
// Append new methods to have "password" as last operation.
$operations['TYPO3\\CMS\\Saltedpasswords\\Evaluation\\FrontendEvaluator'] = 1;
$operations['password'] = 1;
$GLOBALS['TCA']['fe_users']['columns']['password']['config']['eval'] = implode(',', array_keys($operations));
unset($operations);
}
/**
* Parses mapping settings and builds an array holding the query fields information.
*
* @return array The query fields
*/
protected function parseFields()
{
$queryFields = [];
//parse mapping
foreach ($this->settings['fields.'] as $fieldname => $options) {
$fieldname = str_replace('.', '', $fieldname);
if (isset($options) && is_array($options)) {
if (!isset($options['special'])) {
$mapping = $options['mapping'];
//if no mapping default to the name of the form field
if (!$mapping) {
$mapping = $fieldname;
}
$fieldValue = $this->utilityFuncs->getGlobal($mapping, $this->gp);
//pre process the field value. e.g. to format a date
if (isset($options['preProcessing.']) && is_array($options['preProcessing.'])) {
if (!isset($options['preProcessing.']['value'])) {
$options['preProcessing.']['value'] = $fieldValue;
}
$fieldValue = $this->utilityFuncs->getSingle($options, 'preProcessing');
}
if (isset($options['mapping.']) && is_array($options['mapping.'])) {
if (!isset($options['mapping.']['value'])) {
$options['mapping.']['value'] = $fieldValue;
}
$fieldValue = $this->utilityFuncs->getSingle($options, 'mapping');
}
//process empty value handling
if (isset($options['ifIsEmpty']) && strlen($fieldValue) === 0) {
$fieldValue = $this->utilityFuncs->getSingle($options, 'ifIsEmpty');
}
if (intval($this->utilityFuncs->getSingle($options, 'zeroIfEmpty')) === 1 && strlen($fieldValue) === 0) {
$fieldValue = 0;
}
//process array handling
if (is_array($fieldValue)) {
$separator = ',';
if ($options['separator']) {
$separator = $this->utilityFuncs->getSingle($options, 'separator');
}
$fieldValue = implode($separator, $fieldValue);
}
//process uploaded files
$files = $this->globals->getSession()->get('files');
if (isset($files[$fieldname]) && is_array($files[$fieldname])) {
$fieldValue = $this->getFileList($files, $fieldname);
}
} else {
switch ($options['special']) {
case 'saltedpassword':
$field = $this->utilityFuncs->getSingle($options['special.'], 'field');
$saltedpasswords = SaltedPasswordsUtility::returnExtConf();
$tx_saltedpasswords = GeneralUtility::makeInstance($saltedpasswords['saltedPWHashingMethod']);
$encryptedPassword = $tx_saltedpasswords->getHashedPassword($this->gp[$field]);
$fieldValue = $encryptedPassword;
break;
case 'files':
$field = $this->utilityFuncs->getSingle($options['special.'], 'field');
if (isset($options['special.']['separator'])) {
$separator = $this->utilityFuncs->getSingle($options['special.'], 'separator');
} else {
$separator = ',';
}
$filesArray = [];
if (isset($options['special.']['info'])) {
$info = $this->utilityFuncs->getSingle($options['special.'], 'info');
} else {
$info = '[uploaded_name]';
}
$files = $this->globals->getSession()->get('files');
if (isset($files[$field]) && is_array($files[$field])) {
foreach ($files[$field] as $idx => $file) {
$infoString = $info;
foreach ($file as $infoKey => $infoValue) {
$infoString = str_replace('[' . $infoKey . ']', $infoValue, $infoString);
}
array_push($filesArray, $infoString);
}
}
if (isset($options['special.']['index'])) {
$index = $this->utilityFuncs->getSingle($options['special.'], 'index');
if (isset($filesArray[$index])) {
$fieldValue = $filesArray[$index];
}
} else {
$fieldValue = implode($separator, $filesArray);
}
break;
case 'date':
$field = $this->utilityFuncs->getSingle($options['special.'], 'field');
$date = $this->gp[$field];
$dateFormat = 'Y-m-d';
if ($options['special.']['dateFormat']) {
$dateFormat = $this->utilityFuncs->getSingle($options['special.'], 'dateFormat');
} elseif ($options['special.']['format']) {
$dateFormat = $this->utilityFuncs->getSingle($options['special.'], 'format');
}
$fieldValue = $this->utilityFuncs->dateToTimestamp($date, $dateFormat);
break;
case 'datetime':
if (version_compare(PHP_VERSION, '5.3.0') < 0) {
$this->utilityFuncs->throwException('error_datetime');
}
$field = $this->utilityFuncs->getSingle($options['special.'], 'field');
$date = $this->gp[$field];
$dateFormat = 'Y-m-d H:i:s';
if ($options['special.']['dateFormat']) {
$dateFormat = $this->utilityFuncs->getSingle($options['special.'], 'dateFormat');
} elseif ($options['special.']['format']) {
$dateFormat = $this->utilityFuncs->getSingle($options['special.'], 'format');
}
$fieldValue = $this->utilityFuncs->dateToTimestamp($date, $dateFormat);
break;
case 'sub_datetime':
$dateFormat = 'Y-m-d H:i:s';
if ($options['special.']['dateFormat']) {
$dateFormat = $this->utilityFuncs->getSingle($options['special.'], 'dateFormat');
} elseif ($options['special.']['format']) {
$dateFormat = $this->utilityFuncs->getSingle($options['special.'], 'format');
}
$fieldValue = date($dateFormat, time());
break;
case 'sub_tstamp':
$fieldValue = time();
break;
case 'ip':
$fieldValue = GeneralUtility::getIndpEnv('REMOTE_ADDR');
break;
case 'inserted_uid':
$table = $this->utilityFuncs->getSingle($options['special.'], 'table');
if (is_array($this->gp['saveDB'])) {
foreach ($this->gp['saveDB'] as $idx => $info) {
if ($info['table'] === $table) {
$fieldValue = $info['uid'];
}
}
}
break;
}
}
} else {
$fieldValue = $options;
}
//post process the field value after formhandler did it's magic.
if (isset($options['postProcessing.']) && is_array($options['postProcessing.'])) {
if (!isset($options['postProcessing.']['value'])) {
$options['postProcessing.']['value'] = $fieldValue;
}
$fieldValue = $this->utilityFuncs->getSingle($options, 'postProcessing');
}
$queryFields[$fieldname] = $fieldValue;
if (intval($this->utilityFuncs->getSingle($options, 'nullIfEmpty')) === 1 && strlen($queryFields[$fieldname]) == 0) {
unset($queryFields[$fieldname]);
}
}
return $queryFields;
}
/**
* encrypt password
* @param string $password password
*/
public function encryptPassword($password)
{
if (SaltedPasswordsUtility::isUsageEnabled() && $password != '') {
$password = SaltFactory::getSaltingInstance(null)->getHashedPassword($password);
$this->setValue($password);
}
}
/**
* Method tries to determine the salting hashing method used for given salt.
*
* Method implicitly sets the instance of the found method object in the class property when found.
*
* @param string $saltedHash
* @param string $mode (optional) The TYPO3 mode (FE or BE) saltedpasswords shall be used for
* @return bool TRUE, if salting hashing method has been found, otherwise FALSE
*/
public static function determineSaltingHashingMethod($saltedHash, $mode = TYPO3_MODE)
{
$registeredMethods = static::getRegisteredSaltedHashingMethods();
$defaultClassName = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getDefaultSaltingHashingMethod($mode);
$defaultReference = $registeredMethods[$defaultClassName];
unset($registeredMethods[$defaultClassName]);
// place the default method first in the order
$registeredMethods = array($defaultClassName => $defaultReference) + $registeredMethods;
$methodFound = false;
foreach ($registeredMethods as $method) {
$objectInstance = \TYPO3\CMS\Core\Utility\GeneralUtility::getUserObj($method);
if ($objectInstance instanceof SaltInterface) {
$methodFound = $objectInstance->isValidSaltedPW($saltedHash);
if ($methodFound) {
self::$instance = $objectInstance;
break;
}
}
}
return $methodFound;
}
/**
* Checks whether the Install Tool password is set to its default value.
*
* @return \TYPO3\CMS\Reports\Status An object representing the security of the saltedpassswords extension
*/
protected function getSaltedPasswordsStatus()
{
$value = $GLOBALS['LANG']->getLL('status_ok');
$message = '';
$severity = \TYPO3\CMS\Reports\Status::OK;
/** @var \TYPO3\CMS\Saltedpasswords\Utility\ExtensionManagerConfigurationUtility $configCheck */
$configCheck = GeneralUtility::makeInstance('TYPO3\\CMS\\Saltedpasswords\\Utility\\ExtensionManagerConfigurationUtility');
$message = '<p>' . $GLOBALS['LANG']->getLL('status_saltedPasswords_infoText') . '</p>';
$messageDetail = '';
$flashMessage = $configCheck->checkConfigurationBackend(array(), new \TYPO3\CMS\Core\TypoScript\ConfigurationForm());
if (strpos($flashMessage, 'message-error') !== FALSE) {
$value = $GLOBALS['LANG']->getLL('status_insecure');
$severity = \TYPO3\CMS\Reports\Status::ERROR;
$messageDetail .= $flashMessage;
}
if (strpos($flashMessage, 'message-warning') !== FALSE) {
$severity = \TYPO3\CMS\Reports\Status::WARNING;
$messageDetail .= $flashMessage;
}
if (strpos($flashMessage, 'message-information') !== FALSE) {
$messageDetail .= $flashMessage;
}
$unsecureUserCount = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getNumberOfBackendUsersWithInsecurePassword();
if ($unsecureUserCount > 0) {
$value = $GLOBALS['LANG']->getLL('status_insecure');
$severity = \TYPO3\CMS\Reports\Status::ERROR;
$messageDetail .= '<div class="typo3-message message-warning">' . $GLOBALS['LANG']->getLL('status_saltedPasswords_notAllPasswordsHashed') . '</div>';
}
$message .= $messageDetail;
if (empty($messageDetail)) {
$message = '';
}
return GeneralUtility::makeInstance('TYPO3\\CMS\\Reports\\Status', $GLOBALS['LANG']->getLL('status_saltedPasswords'), $value, $message, $severity);
}
/**
* @test
*/
public function resettingFactoryInstanceSucceeds()
{
$defaultClassNameToUse = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getDefaultSaltingHashingMethod();
if ($defaultClassNameToUse == 'TYPO3\\CMS\\Saltedpasswords\\Salt\\Md5Salt') {
$saltedPW = '$P$CWF13LlG/0UcAQFUjnnS4LOqyRW43c.';
} else {
$saltedPW = '$1$rasmusle$rISCgZzpwk3UhDidwXvin0';
}
$this->objectInstance = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($saltedPW);
// resetting
$this->objectInstance = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL);
$this->assertTrue(get_class($this->objectInstance) == $defaultClassNameToUse || is_subclass_of($this->objectInstance, $defaultClassNameToUse));
}
function setPassword($password)
{
$this->data['password'] = $password;
$this->data['tx_mmforum_md5'] = md5($password);
$objPHPass = null;
if (ExtensionManagementUtility::isLoaded('t3sec_saltedpw')) {
require_once ExtensionManagementUtility::extPath('t3sec_saltedpw') . 'res/staticlib/class.tx_t3secsaltedpw_div.php';
if (tx_t3secsaltedpw_div::isUsageEnabled()) {
require_once ExtensionManagementUtility::extPath('t3sec_saltedpw') . 'res/lib/class.tx_t3secsaltedpw_phpass.php';
$objPHPass = GeneralUtility::makeInstance('tx_t3secsaltedpw_phpass');
}
}
if (!$objPHPass && ExtensionManagementUtility::isLoaded('saltedpasswords')) {
if (SaltedPasswordsUtility::isUsageEnabled()) {
$objPHPass = GeneralUtility::makeInstance(SaltedPasswordsUtility::getDefaultSaltingHashingMethod());
}
}
if ($objPHPass) {
$this->data['password'] = $objPHPass->getHashedPassword($password);
} else {
if (ExtensionManagementUtility::isLoaded('kb_md5fepw')) {
//if kb_md5fepw is installed, crypt password
$this->data['password'] = md5($password);
}
}
}
/**
* Function uses Portable PHP Hashing Framework to create a proper password string if needed
*
* @param mixed $value The value that has to be checked.
* @param string $is_in Is-In String
* @param integer $set Determines if the field can be set (value correct) or not, e.g. if input is required but the value is empty, then $set should be set to FALSE. (PASSED BY REFERENCE!)
* @return string The new value of the field
*/
public function evaluateFieldValue($value, $is_in, &$set)
{
$confArr = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['be_secure_pw']);
// create tce object for logging
/** @var \TYPO3\CMS\Core\DataHandling\DataHandler $tce */
$tce = Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\DataHandling\\DataHandler');
$tce->BE_USER = $GLOBALS['BE_USER'];
// get the languages from ext
/** @var \TYPO3\CMS\Lang\LanguageService $languageService */
$languageService = Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Lang\\LanguageService');
$languageService->init($tce->BE_USER->uc['lang']);
$languageService->includeLLFile('EXT:be_secure_pw/Resources/Private/Language/locallang.xml');
/** @var boolean $noMD5 return variable as md5 hash if saltedpasswords isn't enabled */
$noMD5 = FALSE;
$set = TRUE;
if (Utility\ExtensionManagementUtility::isLoaded('saltedpasswords')) {
if (SaltedPasswordsUtility::isUsageEnabled('BE')) {
$noMD5 = TRUE;
}
}
$isMD5 = preg_match('/[0-9abcdef]{32,32}/', $value);
// if $value is a md5 hash, return the value directly
if ($isMD5 && $noMD5) {
return $value;
}
// check for password length
$passwordLength = (int) $confArr['passwordLength'];
if ($confArr['passwordLength'] && $passwordLength) {
if (strlen($value) < $confArr['passwordLength']) {
$set = FALSE;
/* password too short */
$tce->log('be_users', 0, 5, 0, 1, $languageService->getLL('shortPassword'), FALSE, array($passwordLength));
}
}
$counter = 0;
$notUsed = array();
// check for lowercase characters
if ($confArr['lowercaseChar']) {
if (preg_match("/[a-z]/", $value) > 0) {
$counter++;
} else {
$notUsed[] = $languageService->getLL('lowercaseChar');
}
}
// check for capital characters
if ($confArr['capitalChar']) {
if (preg_match("/[A-Z]/", $value) > 0) {
$counter++;
} else {
$notUsed[] = $languageService->getLL('capitalChar');
}
}
// check for digits
if ($confArr['digit']) {
if (preg_match("/[0-9]/", $value) > 0) {
$counter++;
} else {
$notUsed[] = $languageService->getLL('digit');
}
}
// check for special characters
if ($confArr['specialChar']) {
if (preg_match("/[^0-9a-z]/i", $value) > 0) {
$counter++;
} else {
$notUsed[] = $languageService->getLL('specialChar');
}
}
if ($counter < $confArr['patterns']) {
/* password does not fit all conventions */
$ignoredPatterns = $confArr['patterns'] - $counter;
$additional = '';
$set = FALSE;
if (is_array($notUsed) && sizeof($notUsed) > 0) {
if (sizeof($notUsed) > 1) {
$additional = sprintf($languageService->getLL('notUsedConventions'), implode(', ', $notUsed));
} else {
$additional = sprintf($languageService->getLL('notUsedConvention'), $notUsed[0]);
}
}
if ($ignoredPatterns >= 1) {
$tce->log('be_users', 0, 5, 0, 1, $languageService->getLL('passwordConvention') . $additional, FALSE, array($ignoredPatterns));
}
}
/* no problems */
if ($set) {
if ($noMD5) {
return $value;
}
return md5($value);
}
// if password not valid return empty password
return '';
}
public function getHashedPassword($password)
{
$objPHPass = null;
if (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('t3sec_saltedpw')) {
require_once \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::extPath('t3sec_saltedpw') . 'res/staticlib/class.tx_t3secsaltedpw_div.php';
if (tx_t3secsaltedpw_div::isUsageEnabled()) {
require_once \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::extPath('t3sec_saltedpw') . 'res/lib/class.tx_t3secsaltedpw_phpass.php';
$objPHPass = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('tx_t3secsaltedpw_phpass');
}
}
if (!$objPHPass && \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('saltedpasswords')) {
if (\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled()) {
$objPHPass = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getDefaultSaltingHashingMethod());
}
}
if ($objPHPass) {
$password = $objPHPass->getHashedPassword($password);
} else {
if (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('kb_md5fepw')) {
//if kb_md5fepw is installed, crypt password
$password = md5($password);
}
}
return $password;
}
/**
* Checks whether salted Passwords are configured or not.
*
* @return \TYPO3\CMS\Reports\Status An object representing the security of the saltedpassswords extension
*/
protected function getSaltedPasswordsStatus()
{
$value = $GLOBALS['LANG']->getLL('status_ok');
$severity = \TYPO3\CMS\Reports\Status::OK;
/** @var \TYPO3\CMS\Saltedpasswords\Utility\ExtensionManagerConfigurationUtility $configCheck */
$configCheck = GeneralUtility::makeInstance(\TYPO3\CMS\Saltedpasswords\Utility\ExtensionManagerConfigurationUtility::class);
$message = '<p>' . $GLOBALS['LANG']->getLL('status_saltedPasswords_infoText') . '</p>';
$messageDetail = '';
$resultCheck = $configCheck->checkConfigurationBackend(array(), new \TYPO3\CMS\Core\TypoScript\ConfigurationForm());
switch ($resultCheck['errorType']) {
case FlashMessage::INFO:
$messageDetail .= $resultCheck['html'];
break;
case FlashMessage::WARNING:
$severity = \TYPO3\CMS\Reports\Status::WARNING;
$messageDetail .= $resultCheck['html'];
break;
case FlashMessage::ERROR:
$value = $GLOBALS['LANG']->getLL('status_insecure');
$severity = \TYPO3\CMS\Reports\Status::ERROR;
$messageDetail .= $resultCheck['html'];
break;
default:
}
$unsecureUserCount = SaltedPasswordsUtility::getNumberOfBackendUsersWithInsecurePassword();
if ($unsecureUserCount > 0) {
$value = $GLOBALS['LANG']->getLL('status_insecure');
$severity = \TYPO3\CMS\Reports\Status::ERROR;
$messageDetail .= '<div class="panel panel-warning">' . '<div class="panel-body">' . $GLOBALS['LANG']->getLL('status_saltedPasswords_notAllPasswordsHashed') . '</div>' . '</div>';
}
$message .= $messageDetail;
if (empty($messageDetail)) {
$message = '';
}
return GeneralUtility::makeInstance(\TYPO3\CMS\Reports\Status::class, $GLOBALS['LANG']->getLL('status_saltedPasswords'), $value, $message, $severity);
}
/**
* Hash a password from $user->getPassword()
*
* @param FrontendUser $user
* @param string $method "md5" or "sha1"
* @return void
*/
public static function hashPassword(&$user, $method)
{
switch ($method) {
case 'md5':
$user->setPassword(md5($user->getPassword()));
break;
case 'sha1':
$user->setPassword(sha1($user->getPassword()));
break;
default:
if (ExtensionManagementUtility::isLoaded('saltedpasswords')) {
if (SaltedPasswordsUtility::isUsageEnabled('FE')) {
$objInstanceSaltedPw = SaltFactory::getSaltingInstance();
$user->setPassword($objInstanceSaltedPw->getHashedPassword($user->getPassword()));
}
}
}
}
private function isOldPasswordCorrect()
{
// Check old password
$password = $GLOBALS['TYPO3_DB']->exec_SELECTgetSingleRow('password', 'fe_users', 'uid = ' . $this->config['userid'] . ' AND pid IN (' . $this->conf['pidList'] . ')');
$password = current($password);
if (ExtensionManagementUtility::isLoaded('saltedpasswords') && SaltedPasswordsUtility::isUsageEnabled('FE')) {
$instanceSalted = SaltFactory::getSaltingInstance();
}
if ($instanceSalted && $instanceSalted->isValidSaltedPW($password)) {
if (!$instanceSalted->checkPassword($this->piVars['oldpassword'], $password)) {
return false;
}
} else {
if (ExtensionManagementUtility::isLoaded('kb_md5fepw')) {
if (strcmp(md5($this->piVars['oldpassword']), $password) != 0) {
return false;
}
} else {
if (strcmp($this->piVars['oldpassword'], $password) != 0) {
return false;
}
}
}
return true;
}
/**
* Check and validate field of type "input"
*
* @param string $field
* @param string|array $val
* @return string
*/
public function checkFieldFromTcaInput($field, $val)
{
$config = $this->getFieldConfig($field);
if (\TYPO3\CMS\Core\Utility\GeneralUtility::inList($config['eval'], 'password')) {
if (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('saltedpasswords') && $GLOBALS['TYPO3_CONF_VARS']['FE']['loginSecurityLevel']) {
$saltedpasswords = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::returnExtConf();
if ($saltedpasswords['enabled']) {
$txSaltedpasswords = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance($saltedpasswords['saltedPWHashingMethod']);
$val = $txSaltedpasswords->getHashedPassword($val);
}
}
}
return $val;
}
/**
* Returns the current context.
*
* @param \Aimeos\MW\Config\Iface Configuration object
* @return MShop_Context_Item_Interface Context object
*/
public static function getContext(\Aimeos\MW\Config\Iface $config)
{
if (self::$context === null) {
$context = new \Aimeos\MShop\Context\Item\Typo3();
$context->setConfig($config);
$dbm = new \Aimeos\MW\DB\Manager\PDO($config);
$context->setDatabaseManager($dbm);
$fsm = new \Aimeos\MW\Filesystem\Manager\Standard($config);
$context->setFilesystemManager($fsm);
$logger = \Aimeos\MAdmin\Log\Manager\Factory::createManager($context);
$context->setLogger($logger);
$cache = self::getCache($context);
$context->setCache($cache);
$mailer = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Mail\\MailMessage');
$context->setMail(new \Aimeos\MW\Mail\Typo3($mailer));
if (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('saltedpasswords') && \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled('FE')) {
$object = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance();
$context->setHasherTypo3($object);
}
if (isset($GLOBALS['TSFE']->fe_user)) {
$session = new \Aimeos\MW\Session\Typo3($GLOBALS['TSFE']->fe_user);
} else {
$session = new \Aimeos\MW\Session\None();
}
$context->setSession($session);
self::$context = $context;
}
self::$context->setConfig($config);
return self::$context;
}
/**
* Encrypt the password
*
* @param string $password
* @param array $settings
* @return string
*/
public static function encryptPassword($password, $settings)
{
if (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('saltedpasswords') && \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled('FE')) {
$saltObject = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(null);
if (is_object($saltObject)) {
$password = $saltObject->getHashedPassword($password);
}
} elseif ($settings['encryptPassword'] === 'md5') {
$password = md5($password);
} elseif ($settings['encryptPassword'] === 'sha1') {
$password = sha1($password);
}
return $password;
}
/**
* Checks the login data with the user record data for builtin login method.
*
* @param array $user User data array
* @param array $loginData Login data array
* @param string $passwordCompareStrategy Password compare strategy
* @return bool TRUE if login data matched
*/
public function compareUident(array $user, array $loginData, $passwordCompareStrategy = '')
{
$validPasswd = FALSE;
$password = $loginData['uident_text'];
// Determine method used for given salted hashed password
$this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($user['password']);
// Existing record is in format of Salted Hash password
if (is_object($this->objInstanceSaltedPW)) {
$validPasswd = $this->objInstanceSaltedPW->checkPassword($password, $user['password']);
// Record is in format of Salted Hash password but authentication failed
// skip further authentication methods
if (!$validPasswd) {
$this->authenticationFailed = TRUE;
}
$defaultHashingClassName = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getDefaultSaltingHashingMethod();
$skip = FALSE;
// Test for wrong salted hashing method
if ($validPasswd && !(get_class($this->objInstanceSaltedPW) == $defaultHashingClassName) || is_subclass_of($this->objInstanceSaltedPW, $defaultHashingClassName)) {
// Instanciate default method class
$this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL);
$this->updatePassword((int) $user['uid'], array('password' => $this->objInstanceSaltedPW->getHashedPassword($password)));
}
if ($validPasswd && !$skip && $this->objInstanceSaltedPW->isHashUpdateNeeded($user['password'])) {
$this->updatePassword((int) $user['uid'], array('password' => $this->objInstanceSaltedPW->getHashedPassword($password)));
}
} elseif (!(int) $this->extConf['forceSalted']) {
// Stored password is in deprecated salted hashing method
if (\TYPO3\CMS\Core\Utility\GeneralUtility::inList('C$,M$', substr($user['password'], 0, 2))) {
// Instanciate default method class
$this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(substr($user['password'], 1));
// md5
if ($user['password'][0] === 'M') {
$validPasswd = $this->objInstanceSaltedPW->checkPassword(md5($password), substr($user['password'], 1));
} else {
$validPasswd = $this->objInstanceSaltedPW->checkPassword($password, substr($user['password'], 1));
}
// Skip further authentication methods
if (!$validPasswd) {
$this->authenticationFailed = TRUE;
}
} elseif (preg_match('/[0-9abcdef]{32,32}/', $user['password'])) {
$validPasswd = md5($password) === (string) $user['password'];
// Skip further authentication methods
if (!$validPasswd) {
$this->authenticationFailed = TRUE;
}
} else {
$validPasswd = (string) $password === (string) $user['password'];
}
// Should we store the new format value in DB?
if ($validPasswd && (int) $this->extConf['updatePasswd']) {
// Instanciate default method class
$this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL);
$this->updatePassword((int) $user['uid'], array('password' => $this->objInstanceSaltedPW->getHashedPassword($password)));
}
}
return $validPasswd;
}
/**
* Hash password with saltedpassword extension
*
* @param string $password Password
*
* @return string
*/
protected function getHashedSaltedPassword($password)
{
if (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('saltedpasswords') && \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled('FE')) {
$objSalt = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL);
if (is_object($objSalt)) {
$password = $objSalt->getHashedPassword($password);
}
}
return $password;
}
/**
* Returns the current context.
*
* @param \MW_Config_Interface Configuration object
* @return MShop_Context_Item_Interface Context object
*/
public static function getContext(\MW_Config_Interface $config)
{
if (self::$context === null) {
$context = new \MShop_Context_Item_Typo3();
$context->setConfig($config);
$dbm = new \MW_DB_Manager_PDO($config);
$context->setDatabaseManager($dbm);
$logger = \MAdmin_Log_Manager_Factory::createManager($context);
$context->setLogger($logger);
$cache = self::getCache($context);
$context->setCache($cache);
$mailer = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Mail\\MailMessage');
$context->setMail(new \MW_Mail_Typo3($mailer));
if (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('saltedpasswords') && \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled('FE')) {
$object = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance();
$context->setHasherTypo3($object);
}
if (isset($GLOBALS['TSFE']->fe_user)) {
$session = new \MW_Session_Typo3($GLOBALS['TSFE']->fe_user);
} else {
$session = new \MW_Session_None();
}
$context->setSession($session);
self::$context = $context;
}
self::$context->setConfig($config);
return self::$context;
}
/**
* @test
*/
public function doesReturnExtConfReturnMergedSettingsIfExtensionConfigurationIsFound()
{
$setting = array('setting' => 1);
$GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords'] = serialize(array('TEST_MODE.' => $setting));
$this->assertEquals(array_merge(\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::returnExtConfDefaults(), $setting), \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::returnExtConf('TEST_MODE'));
}
