/**
* Run the controller and parse the password template
*
* @return Response
*/
public function run()
{
/** @var BackendTemplate|object $objTemplate */
$objTemplate = new \BackendTemplate('be_password');
if (\Input::post('FORM_SUBMIT') == 'tl_password') {
$pw = \Input::postUnsafeRaw('password');
$cnf = \Input::postUnsafeRaw('confirm');
// The passwords do not match
if ($pw != $cnf) {
\Message::addError($GLOBALS['TL_LANG']['ERR']['passwordMatch']);
} elseif (Utf8::strlen($pw) < \Config::get('minPasswordLength')) {
\Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['passwordLength'], \Config::get('minPasswordLength')));
} elseif ($pw == $this->User->username) {
\Message::addError($GLOBALS['TL_LANG']['ERR']['passwordName']);
} else {
// Make sure the password has been changed
if (\Encryption::verify($pw, $this->User->password)) {
\Message::addError($GLOBALS['TL_LANG']['MSC']['pw_change']);
} else {
$this->loadDataContainer('tl_user');
// Trigger the save_callback
if (is_array($GLOBALS['TL_DCA']['tl_user']['fields']['password']['save_callback'])) {
foreach ($GLOBALS['TL_DCA']['tl_user']['fields']['password']['save_callback'] as $callback) {
if (is_array($callback)) {
$this->import($callback[0]);
$pw = $this->{$callback[0]}->{$callback[1]}($pw);
} elseif (is_callable($callback)) {
$pw = $callback($pw);
}
}
}
$objUser = \UserModel::findByPk($this->User->id);
$objUser->pwChange = '';
$objUser->password = \Encryption::hash($pw);
$objUser->save();
\Message::addConfirmation($GLOBALS['TL_LANG']['MSC']['pw_changed']);
$this->redirect('contao/main.php');
}
}
$this->reload();
}
$objTemplate->theme = \Backend::getTheme();
$objTemplate->messages = \Message::generate();
$objTemplate->base = \Environment::get('base');
$objTemplate->language = $GLOBALS['TL_LANGUAGE'];
$objTemplate->title = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['pw_new']);
$objTemplate->charset = \Config::get('characterSet');
$objTemplate->action = ampersand(\Environment::get('request'));
$objTemplate->headline = $GLOBALS['TL_LANG']['MSC']['pw_change'];
$objTemplate->submitButton = \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['continue']);
$objTemplate->password = $GLOBALS['TL_LANG']['MSC']['password'][0];
$objTemplate->confirm = $GLOBALS['TL_LANG']['MSC']['confirm'][0];
return $objTemplate->getResponse();
}
/**
* Check if user authentication succeeds on phpbb site and if so update contao member
*
* @param $username
* @param $password
* @param User $user
* @return bool
*/
public function onCheckCredentials($username, $password, User $user)
{
// Only try to login if it's frontend user
if ($user instanceof FrontendUser) {
$loginResult = System::getContainer()->get('phpbb_bridge.connector')->validateLogin($username, $password);
// Login was successful on phpbb side. Maybe user changed his password. So do we for contao then
if ($loginResult === true) {
$user->password = Encryption::hash($password);
$user->save();
return true;
}
}
return false;
}
/**
* @param null $dc
* @throws \Exception
*/
public function setAutoPassword($dc = null)
{
// Front end call
if (!$dc instanceof DataContainer) {
return;
}
if ($this->isDisabledAccountmail($dc)) {
return;
}
$intId = $dc->id;
if (Input::get('act') == 'overrideAll' && Input::get('fields') && $intId === null) {
// Define indicator for given or not given password on overrideAll mode
if (!isset($GLOBALS['ACCOUNTMAIL']['AUTO_PASSWORD'])) {
$strPassword = $this->getPostPassword();
$GLOBALS['ACCOUNTMAIL']['AUTO_PASSWORD'] = $strPassword == '' || $strPassword == '*****' ? true : false;
if ($GLOBALS['ACCOUNTMAIL']['AUTO_PASSWORD'] === true) {
// Set password, that no error occurs with "password not set"
$strNewPassword = substr(str_shuffle('abcdefghkmnpqrstuvwxyzABCDEFGHKMNOPQRSTUVWXYZ0123456789'), 0, 8);
$this->setPostPassword($strNewPassword);
}
Message::addConfirmation($GLOBALS['TL_LANG']['MSC']['pw_changed']);
}
return;
}
$strPassword = $this->getPostPassword($intId);
if ($strPassword !== null && $strPassword == '') {
$strModel = Model::getClassFromTable($dc->table);
$objAccount = $strModel::findByPk($intId);
if ($objAccount !== null) {
$strNewPassword = substr(str_shuffle('abcdefghkmnpqrstuvwxyzABCDEFGHKMNOPQRSTUVWXYZ0123456789'), 0, 8);
$this->setPostPassword($strNewPassword, $intId);
Message::addConfirmation($GLOBALS['TL_LANG']['MSC']['pw_changed']);
$objAccount->password = Encryption::hash($strNewPassword);
$objAccount->save();
}
}
}
/**
* Renders a form to set the install tool password.
*
* @return Response|RedirectResponse The response object
*/
private function setPassword()
{
$request = $this->container->get('request_stack')->getCurrentRequest();
if ('tl_password' !== $request->request->get('FORM_SUBMIT')) {
return $this->render('password.html.twig');
}
$password = $request->request->get('password');
$confirmation = $request->request->get('confirmation');
// The passwords do not match
if ($password !== $confirmation) {
return $this->render('password.html.twig', ['error' => $this->trans('password_confirmation_mismatch')]);
}
$installTool = $this->container->get('contao.install_tool');
$minlength = $installTool->getConfig('minPasswordLength');
// The passwords is too short
if (Utf8::strlen($password) < $minlength) {
return $this->render('password.html.twig', ['error' => sprintf($this->trans('password_too_short'), $minlength)]);
}
$installTool->persistConfig('installPassword', Encryption::hash($password));
$this->container->get('contao.install_tool_user')->setAuthenticated(true);
return $this->getRedirectResponse();
}
/**
* Imports a user from phpbb to contao
*
* @param $username
* @param $password
* @return bool
* @throws \Exception
*/
public function importUser($username, $password)
{
if ($this->debug) {
System::log("phpbb_bridge: " . __METHOD__, __METHOD__, TL_ACCESS);
}
// Find User in forum
$user = $this->getUser($username);
if ($user) {
System::log('Importing User ' . $username, __METHOD__, TL_ACCESS);
// Try to find user by real username if he entered username_clean
// he may not be imported yet with it's clean username
$contaoUser = MemberModel::findByUsername($user->username);
if (null == $contaoUser) {
$contaoUser = new MemberModel();
}
$contaoUser->username = $user->username;
$contaoUser->username_clean = $user->username_clean;
$contaoUser->email = $user->user_email;
$contaoUser->firstname = 'Vorname';
$contaoUser->lastname = 'Nachname';
$contaoUser->password = Encryption::hash($password);
$contaoUser->login = 1;
$contaoUser->tstamp = $contaoUser->dateAdded = time();
$contaoUser->groups = $this->getForumMemberGroupIds(true);
// @todo add try catch, make it more safe, logout phpbb user on fail?
$contaoUser->save();
System::log('User imported: ' . $contaoUser->username, __METHOD__, TL_ACCESS);
// username_clean used for login
if ($username != $contaoUser->username) {
Input::setPost('username', $contaoUser->username);
}
return true;
} else {
System::log($username . ' could not be found in phpbb db', __METHOD__, TL_ACCESS);
return false;
}
}
/**
* Persists the admin user.
*
* @param string $username The username
* @param string $name The name
* @param string $email The e-mail address
* @param string $password The plain text password
* @param string $language The language
*/
public function persistAdminUser($username, $name, $email, $password, $language)
{
$statement = $this->connection->prepare("\n INSERT INTO tl_user(\n tstamp,\n name,\n email,\n username,\n password,\n language,\n backendTheme,\n admin,\n showHelp,\n useRTE,\n useCE,\n thumbnails,\n dateAdded\n ) VALUES (\n :time,\n :name,\n :email,\n :username,\n :password,\n :language,\n 'flexible',\n 1,\n 1,\n 1,\n 1,\n 1,\n :time\n )\n ");
$replace = ['#' => '#', '<' => '<', '>' => '>', '(' => '(', ')' => ')', '\\' => '\', '=' => '='];
$statement->execute([':time' => time(), ':name' => strtr($name, $replace), ':email' => $email, ':username' => strtr($username, $replace), ':password' => Encryption::hash($password), ':language' => $language]);
}
/**
* Try to login the current user
*
* @return boolean True if the user could be logged in
*/
public function login()
{
\System::loadLanguageFile('default');
// Do not continue if username or password are missing
if (empty($_POST['username']) || empty($_POST['password'])) {
return false;
}
// Load the user object
if ($this->findBy('username', \Input::post('username', true)) == false) {
$blnLoaded = false;
// HOOK: pass credentials to callback functions
if (isset($GLOBALS['TL_HOOKS']['importUser']) && is_array($GLOBALS['TL_HOOKS']['importUser'])) {
foreach ($GLOBALS['TL_HOOKS']['importUser'] as $callback) {
$this->import($callback[0], 'objImport', true);
$blnLoaded = $this->objImport->{$callback[1]}(\Input::post('username', true), \Input::postUnsafeRaw('password'), $this->strTable);
// Load successfull
if ($blnLoaded === true) {
break;
}
}
}
// Return if the user still cannot be loaded
if (!$blnLoaded || $this->findBy('username', \Input::post('username', true)) == false) {
\Message::addError($GLOBALS['TL_LANG']['ERR']['invalidLogin']);
$this->log('Could not find user "' . \Input::post('username', true) . '"', __METHOD__, TL_ACCESS);
return false;
}
}
$time = time();
// Set the user language
if (\Input::post('language')) {
$this->language = \Input::post('language');
}
// Lock the account if there are too many login attempts
if ($this->loginCount < 1) {
$this->locked = $time;
$this->loginCount = \Config::get('loginCount');
$this->save();
// Add a log entry and the error message, because checkAccountStatus() will not be called (see #4444)
$this->log('User "' . $this->username . '" has been locked for ' . ceil(\Config::get('lockPeriod') / 60) . ' minutes', __METHOD__, TL_ACCESS);
\Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['accountLocked'], ceil(($this->locked + \Config::get('lockPeriod') - $time) / 60)));
// Send admin notification
if (\Config::get('adminEmail') != '') {
$objEmail = new \Email();
$objEmail->subject = $GLOBALS['TL_LANG']['MSC']['lockedAccount'][0];
$objEmail->text = sprintf($GLOBALS['TL_LANG']['MSC']['lockedAccount'][1], $this->username, TL_MODE == 'FE' ? $this->firstname . " " . $this->lastname : $this->name, \Idna::decode(\Environment::get('base')), ceil(\Config::get('lockPeriod') / 60));
$objEmail->sendTo(\Config::get('adminEmail'));
}
return false;
}
// Check the account status
if ($this->checkAccountStatus() == false) {
return false;
}
// The password has been generated with crypt()
if (\Encryption::test($this->password)) {
$blnAuthenticated = \Encryption::verify(\Input::postUnsafeRaw('password'), $this->password);
} else {
list($strPassword, $strSalt) = explode(':', $this->password);
$blnAuthenticated = $strSalt == '' ? $strPassword === sha1(\Input::postUnsafeRaw('password')) : $strPassword === sha1($strSalt . \Input::postUnsafeRaw('password'));
// Store a SHA-512 encrpyted version of the password
if ($blnAuthenticated) {
$this->password = \Encryption::hash(\Input::postUnsafeRaw('password'));
}
}
// HOOK: pass credentials to callback functions
if (!$blnAuthenticated && isset($GLOBALS['TL_HOOKS']['checkCredentials']) && is_array($GLOBALS['TL_HOOKS']['checkCredentials'])) {
foreach ($GLOBALS['TL_HOOKS']['checkCredentials'] as $callback) {
$this->import($callback[0], 'objAuth', true);
$blnAuthenticated = $this->objAuth->{$callback[1]}(\Input::post('username', true), \Input::postUnsafeRaw('password'), $this);
// Authentication successfull
if ($blnAuthenticated === true) {
break;
}
}
}
// Redirect if the user could not be authenticated
if (!$blnAuthenticated) {
--$this->loginCount;
$this->save();
\Message::addError($GLOBALS['TL_LANG']['ERR']['invalidLogin']);
$this->log('Invalid password submitted for username "' . $this->username . '"', __METHOD__, TL_ACCESS);
return false;
}
$this->setUserFromDb();
// Update the record
$this->lastLogin = $this->currentLogin;
$this->currentLogin = $time;
$this->loginCount = \Config::get('loginCount');
$this->save();
// Generate the session
$this->regenerateSessionId();
$this->generateSession();
$this->log('User "' . $this->username . '" has logged in', __METHOD__, TL_ACCESS);
// HOOK: post login callback
if (isset($GLOBALS['TL_HOOKS']['postLogin']) && is_array($GLOBALS['TL_HOOKS']['postLogin'])) {
foreach ($GLOBALS['TL_HOOKS']['postLogin'] as $callback) {
$this->import($callback[0], 'objLogin', true);
$this->objLogin->{$callback[1]}($this);
}
}
return true;
}
/**
* Validate input and set value
*
* @param mixed $varInput The user input
*
* @return mixed The validated user input
*/
protected function validator($varInput)
{
$this->blnSubmitInput = false;
if (!strlen($varInput) && (strlen($this->varValue) || !$this->mandatory)) {
return '';
}
if (Utf8::strlen($varInput) < \Config::get('minPasswordLength')) {
$this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['passwordLength'], \Config::get('minPasswordLength')));
}
if ($varInput != $this->getPost($this->strName . '_confirm')) {
$this->addError($GLOBALS['TL_LANG']['ERR']['passwordMatch']);
}
$varInput = parent::validator($varInput);
if (!$this->hasErrors()) {
$this->blnSubmitInput = true;
return \Encryption::hash($varInput);
}
return '';
}
/**
* Validate input and set value
*
* @param mixed $varInput
*
* @return string
*/
protected function validator($varInput)
{
$this->blnSubmitInput = false;
if (($varInput == '' || $varInput == '*****') && $this->varValue != '') {
return '*****';
}
if (Utf8::strlen($varInput) < \Config::get('minPasswordLength')) {
$this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['passwordLength'], \Config::get('minPasswordLength')));
}
if ($varInput != $this->getPost($this->strName . '_confirm')) {
$this->addError($GLOBALS['TL_LANG']['ERR']['passwordMatch']);
}
if ($varInput == $GLOBALS['TL_USERNAME']) {
$this->addError($GLOBALS['TL_LANG']['ERR']['passwordName']);
}
$varInput = parent::validator($varInput);
if (!$this->hasErrors()) {
$this->blnSubmitInput = true;
\Message::addConfirmation($GLOBALS['TL_LANG']['MSC']['pw_changed']);
return \Encryption::hash($varInput);
}
return '';
}
/**
* Create an admin user
*/
protected function createAdminUser()
{
try {
$objAdmin = $this->Database->execute("SELECT COUNT(*) AS count FROM tl_user WHERE admin=1");
if ($objAdmin->count > 0) {
$this->Template->adminCreated = true;
} elseif (\Input::post('FORM_SUBMIT') == 'tl_admin') {
// Do not allow special characters in usernames
if (preg_match('/[#\\(\\)\\/<=>]/', \Input::post('username', true))) {
$this->Template->usernameError = $GLOBALS['TL_LANG']['ERR']['extnd'];
} elseif (strpos(\Input::post('username', true), ' ') !== false) {
$this->Template->usernameError = sprintf($GLOBALS['TL_LANG']['ERR']['noSpace'], $GLOBALS['TL_LANG']['MSC']['username']);
} elseif (!\Validator::isEmail(\Input::post('email', true))) {
$this->Template->emailError = $GLOBALS['TL_LANG']['ERR']['email'];
} elseif (\Input::post('pass', true) != \Input::post('confirm_pass', true)) {
$this->Template->passwordError = $GLOBALS['TL_LANG']['ERR']['passwordMatch'];
} elseif (utf8_strlen(\Input::post('pass', true)) < \Config::get('minPasswordLength')) {
$this->Template->passwordError = sprintf($GLOBALS['TL_LANG']['ERR']['passwordLength'], \Config::get('minPasswordLength'));
} elseif (\Input::post('pass', true) == \Input::post('username', true)) {
$this->Template->passwordError = $GLOBALS['TL_LANG']['ERR']['passwordName'];
} elseif (\Input::post('name') != '' && \Input::post('email', true) != '' && \Input::post('username', true) != '') {
$time = time();
$strPassword = \Encryption::hash(\Input::post('pass', true));
$this->Database->prepare("INSERT INTO tl_user (tstamp, name, email, username, password, language, backendTheme, admin, showHelp, useRTE, useCE, thumbnails, dateAdded) VALUES ({$time}, ?, ?, ?, ?, ?, ?, 1, 1, 1, 1, 1, {$time})")->execute(\Input::post('name'), \Input::post('email', true), \Input::post('username', true), $strPassword, str_replace('-', '_', $GLOBALS['TL_LANGUAGE']), \Config::get('backendTheme'));
\Config::persist('adminEmail', \Input::post('email', true));
// Scan the upload folder (see #6134)
if ($this->Database->tableExists('tl_files') && $this->Database->query("SELECT COUNT(*) AS count FROM tl_files")->count < 1) {
$this->import('Database\\Updater', 'Updater');
$this->Updater->scanUploadFolder();
}
$this->reload();
}
$this->Template->adminName = \Input::post('name');
$this->Template->adminEmail = \Input::post('email', true);
$this->Template->adminUser = \Input::post('username', true);
}
} catch (ResponseException $e) {
throw $e;
// see #267
} catch (\Exception $e) {
$this->Template->adminCreated = false;
}
}
