/**
 * felogin "forgotPassword" hook: swaps the newly generated plain-text password
 * for its salted hash, so that the hash is what the caller goes on to use.
 *
 * The hash replaces $params['newPassword'] in place (the array is passed by
 * reference). When salted passwords are not enabled for the frontend, the
 * value is left exactly as delivered, i.e. this hook adds no protection then.
 *
 * @param array $params Parameters delivered by the hook; 'newPassword' is read and overwritten
 * @param tx_felogin_pi1 $pObj Parent object the hook is called from (not used here)
 * @return void
 */
public function feloginForgotPasswordHook(array &$params, tx_felogin_pi1 $pObj)
{
    if (!self::isUsageEnabled('FE')) {
        return;
    }

    // The instance is kept on the object as well, exactly as before.
    $saltingInstance = tx_saltedpasswords_salts_factory::getSaltingInstance();
    $this->objInstanceSaltedPW = $saltingInstance;

    $params['newPassword'] = $saltingInstance->getHashedPassword($params['newPassword']);
}
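/**
 * Synchronizes backend users into the local be_users table.
 *
 * Every incoming record is reduced to a fixed whitelist of columns, receives a
 * fresh random password, and then either updates the local account with the
 * same username or is inserted as a new account.
 *
 * Note that 'admin' is part of the whitelist: whoever supplies $users decides
 * which accounts become administrators here, so the list must come from a
 * source that is trusted for privilege assignment.
 *
 * @param array $users List of user records (associative arrays keyed by be_users column)
 * @return void
 */
protected function synchronizeUsers(array $users)
{
    /** @var $instance tx_saltedpasswords_salts */
    $instance = null;
    if (t3lib_extMgm::isLoaded('saltedpasswords')) {
        $instance = tx_saltedpasswords_salts_factory::getSaltingInstance(null, 'BE');
    }

    // Only these columns may be written; anything else in a record is dropped.
    $authorizedKeys = array_flip(array(
        'username', 'admin', 'disable', 'realName', 'email', 'TSconfig',
        'starttime', 'endtime', 'lang', 'tx_openid_openid', 'deleted',
    ));
    $synchronizeDeleted = !empty($this->config['synchronizeDeletedAccounts']);
    $database = $this->getDatabaseConnection();

    foreach ($users as $user) {
        if (!is_array($user)) {
            continue;
        }
        $user = array_intersect_key($user, $authorizedKeys);

        // Without a username there is nothing to match or create.
        if (!isset($user['username']) || (string)$user['username'] === '') {
            continue;
        }

        if (!$synchronizeDeleted) {
            if (!empty($user['deleted'])) {
                // We do not authorize deleted user accounts to be synchronized
                // on this website
                continue;
            }
        } else {
            // Normalise to 0/1; a record without the key counts as not deleted.
            $user['deleted'] = !empty($user['deleted']) ? 1 : 0;
        }

        // Generate a random password. It is never shown to anyone, so the
        // account cannot be used with a password until one is set explicitly.
        $password = t3lib_div::generateRandomBytes(16);
        // NOTE(review): the md5() fallback is an unsalted fast hash. It is
        // tolerable here only because the input is 16 random bytes; it must
        // not be reused for user-chosen passwords.
        $user['password'] = $instance ? $instance->getHashedPassword($password) : md5($password);

        // The username comes from the synchronized data: quote it through the
        // database layer instead of concatenating it into the WHERE clause.
        $localUser = $database->exec_SELECTgetSingleRow(
            'uid',
            'be_users',
            'username=' . $database->fullQuoteStr($user['username'], 'be_users')
        );

        if ($localUser) {
            // Update existing user
            $database->exec_UPDATEquery('be_users', 'uid=' . intval($localUser['uid']), $user);
        } else {
            // Create new user
            $database->exec_INSERTquery('be_users', $user);
        }
    }
}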
/**
 * Tells whether a plain-text password matches a stored salted password.
 *
 * The comparison is delegated to the salting instance that the factory returns
 * when called without arguments. If no such instance is available, the check
 * fails closed and FALSE is returned.
 *
 * @param string $plainTextPassword Plain-text password.
 * @param string $encryptedPassword Salted password.
 * @return bool TRUE if plain-text and salted passwords match, else FALSE.
 */
public static function validate($plainTextPassword, $encryptedPassword)
{
    /** @var tx_saltedpasswords_salts $saltingInstance */
    $saltingInstance = tx_saltedpasswords_salts_factory::getSaltingInstance();

    if (!is_object($saltingInstance)) {
        return false;
    }

    return $saltingInstance->checkPassword($plainTextPassword, $encryptedPassword);
}
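/**
 * Field evaluation: turns a submitted password value into a salted hash unless
 * it already looks like one.
 *
 * - A value that is exactly a 32-character lowercase hex string is treated as
 *   an MD5 digest; it is hashed again and stored with an 'M' prefix.
 * - A value starting with one of the prefixes $1$, $2$, $2a or $P$ is assumed
 *   to be a salted hash already and is returned untouched ($set stays FALSE).
 * - Anything else is hashed with the configured salting method.
 *
 * When salted passwords are disabled for the mode, the value is returned
 * unchanged and $set is not touched.
 *
 * @param mixed $value The value that has to be checked.
 * @param string $is_in Is-In String (not used here)
 * @param boolean $set Passed by reference: set to TRUE when a new hash was produced, FALSE otherwise
 * @return mixed The new value of the field
 */
function evaluateFieldValue($value, $is_in, &$set)
{
    $isEnabled = $this->mode
        ? tx_saltedpasswords_div::isUsageEnabled($this->mode)
        : tx_saltedpasswords_div::isUsageEnabled();

    if (!$isEnabled) {
        return $value;
    }

    $set = FALSE;

    // Match the whole value. The previous unanchored pattern classified any
    // longer string that merely contained 32 hex characters as an MD5 digest,
    // which stored it in the 'M' format although it was never an MD5 value.
    $isMD5 = preg_match('/^[0-9a-f]{32}$/D', $value) === 1;

    // NOTE(review): only the first three characters are inspected, so every
    // value beginning with one of these prefixes is stored as submitted.
    // Confirm that callers cannot pass arbitrary strings, or validate through
    // the factory's determineSaltingHashingMethod() instead.
    $isSaltedHash = t3lib_div::inList('$1$,$2$,$2a,$P$', substr($value, 0, 3));

    $this->objInstanceSaltedPW = tx_saltedpasswords_salts_factory::getSaltingInstance(NULL, $this->mode);

    if ($isMD5) {
        $set = TRUE;
        $value = 'M' . $this->objInstanceSaltedPW->getHashedPassword($value);
    } elseif (!$isSaltedHash) {
        $set = TRUE;
        $value = $this->objInstanceSaltedPW->getHashedPassword($value);
    }

    return $value;
}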
/**
 * Decides whether a stored password is a salted hash.
 *
 * Passwords prefixed with M or C might be salted passwords:
 * M means: originally an md5 hash before it was salted (e.g. default be_users).
 * C means: originally a cleartext password with a lower hash looping count,
 * generated by t3sec_saltedpw.
 * Both M and C are updated to usual salted hashes on first login of the user.
 *
 * For such a value the prefix letter is cut off and the remainder is tested.
 * If that does not identify a method (or there is no prefix), the unmodified
 * value is tested as a usual salted hash.
 *
 * @param string $password Password
 * @return boolean Result of the factory's method detection; true-ish if the password is a salted hash
 */
protected function isSaltedHash($password)
{
    $hasLegacyPrefix = strlen($password) > 2
        && (t3lib_div::isFirstPartOfStr($password, 'C$') || t3lib_div::isFirstPartOfStr($password, 'M$'));

    // Cut off M or C and test whether the remainder is a salted hash
    $isSaltedHash = $hasLegacyPrefix
        ? tx_saltedpasswords_salts_factory::determineSaltingHashingMethod(substr($password, 1))
        : FALSE;

    if ($isSaltedHash) {
        return $isSaltedHash;
    }

    // Test whether the given password is already a usual salted hash
    return tx_saltedpasswords_salts_factory::determineSaltingHashingMethod($password);
}
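/**
 * Checks the backend configuration and shows a message if necessary.
 *
 * Collects one message per finding in $this->problems, raises the error level
 * through setErrorLevel() for each of them and returns the rendered result.
 * The checks cover: transport protection of the backend login (lockSSL or
 * rsaauth), the onlyAuthService / forceSalted / updatePasswd combinations, and
 * whether the configured hashing method is available on this system.
 *
 * @param array $params Field information to be rendered
 * @param t3lib_tsStyleConfig $pObj The calling parent object.
 * @return string Messages as HTML if something needs to be reported
 */
public function checkConfigurationBackend(array $params, t3lib_tsStyleConfig $pObj)
{
    $this->init();
    $extConf = $this->extConf['BE'];
    $problems = array();

    $backendConf = $GLOBALS['TYPO3_CONF_VARS']['BE'];
    // the backend is called over SSL
    $SSL = $backendConf['lockSSL'] > 0 && $backendConf['loginSecurityLevel'] != 'superchallenged';
    // rsaAuth is loaded/active
    $RSAauth = t3lib_extMgm::isLoaded('rsaauth') && $backendConf['loginSecurityLevel'] == 'rsa';

    if ($extConf['enabled']) {
        // The plain-text password has to reach the server, so the login must
        // be protected either by SSL or by rsaauth.
        if ($SSL) {
            $this->setErrorLevel('ok');
            $problems[] = 'The backend is configured to use SaltedPasswords over SSL.';
        } elseif ($RSAauth) {
            $this->setErrorLevel('ok');
            $problems[] = 'The backend is configured to use SaltedPasswords with RSA authentification.';
        } else {
            $this->setErrorLevel('error');
            $problems[] = <<<EOT
Backend requirements for SaltedPasswords are not met, therefore the
authentication will not work even if it was explicitely enabled for backend
usage:<br />
<ul>
\t<li>Install the "rsaauth" extension and use the Install Tool to set the
\t\tLogin Security Level for the backend to "rsa"
\t\t(\$TYPO3_CONF_VARS['BE']['loginSecurityLevel'])</li>
\t<li>If you have the option to use SSL, you can also configure your
\t\tbackend for SSL usage:<br />
\t\tUse the Install Tool to set the Security-Level for the backend
\t\tto "normal" (\$TYPO3_CONF_VARS['BE']['loginSecurityLevel']) and
\t\tthe SSL-locking option to a value greater than "0"
\t\t(see description - \$TYPO3_CONF_VARS['BE']['lockSSL'])</li>
</ul>
<br />
It is also possible to use "lockSSL" and "rsa" Login Security Level at the same
time.
EOT;
        }

        // only saltedpasswords as auth service
        if ($extConf['onlyAuthService']) {
            // warn the user that the combination with "forceSalted" may lock him out of the backend
            if ($extConf['forceSalted']) {
                $this->setErrorLevel('warning');
                $problems[] = <<<EOT
SaltedPasswords has been configured to be the only authentication service for
the backend. Additionally, usage of salted passwords is enforced (forceSalted).
The result is that there is no chance to login with users not having a salted
password hash.<br />
<strong><i>WARNING:</i></strong> This may lock you out of the backend!
EOT;
            } else {
                // inform the user that things like openid won't work anymore
                $this->setErrorLevel('info');
                $problems[] = <<<EOT
SaltedPasswords has been configured to be the only authentication service for
the backend. This means that other services like "ipauth", "openid", etc. will
be ignored (except "rsauth", which is implicitely used).
EOT;
            }
        }

        // forceSalted is set
        if ($extConf['forceSalted'] && !$extConf['onlyAuthService']) {
            $this->setErrorLevel('warning');
            $problems[] = <<<EOT
SaltedPasswords has been configured to enforce salted passwords (forceSalted).
<br />
This means that only passwords in the format of this extension will succeed for
login.<br />
<strong><i>IMPORTANT:</i></strong> This has the effect that passwords that are set from
the Install Tool will not work!
EOT;
        }

        // updatePasswd won't work with "forceSalted"
        if ($extConf['updatePasswd'] && $extConf['forceSalted']) {
            $this->setErrorLevel('error');
            $problems[] = <<<EOT
SaltedPasswords is configured wrong and will not work as expected:<br />
It is not possible to set "updatePasswd" and "forceSalted" at the same time.
Please disable either one of them.
EOT;
        }

        // Check if the configured hash method is available on this system.
        // The assignment and the availability test are separate statements on
        // purpose: in the former single expression the "||" was evaluated
        // inside the assignment, so $instance received a boolean and
        // isAvailable() was never asked when an object was returned (and was
        // called on an undefined variable when none was).
        $instance = tx_saltedpasswords_salts_factory::getSaltingInstance(NULL, 'BE');
        if (!is_object($instance) || !$instance->isAvailable()) {
            $this->setErrorLevel('error');
            $problems[] = <<<EOT
The selected method for hashing your salted passwords is not available on this
system! Please check your configuration.
EOT;
        }
    } else {
        // not enabled warning
        $this->setErrorLevel('info');
        $problems[] = 'SaltedPasswords has been disabled for backend users.';
    }

    $this->problems = $problems;

    return $this->renderFlashMessage();
}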
/**
 * Generates the module content.
 *
 * For module function 1 this is a one-shot project bootstrap: without a
 * submitted form it renders the configuration form (or a notice when page 1 is
 * already flagged as configured); with a submitted form it validates four
 * fields and then renames the template directory, rewrites TypoScript and PHP
 * configuration files, imports an SQL dump, creates backend users, assigns new
 * passwords and swaps localconf.php.
 *
 * NOTE(review): request data from $_POST is written into file names, generated
 * TypoScript, generated PHP files and SQL strings without escaping, and no
 * request token is checked in this method. The inline notes below mark each
 * sink. Several string literals in this listing contain '******'; that looks
 * like masking applied to the listing rather than original code - confirm
 * against the real file.
 *
 * @return void
 */
protected function moduleContent()
{
    switch ((string) $this->MOD_SETTINGS['function']) {
        case 1:
            // Get default project name
            $path = PATH_site . 'fileadmin/templates/';
            $dirs = scandir($path);
            // Filter directories: the last entry that is not '.', '..', 'default' or 'ts' wins
            foreach ($dirs as $dir) {
                if ($dir != '.' && $dir != '..' && $dir != 'default' && $dir != 'ts') {
                    $projectDir = $dir;
                }
            }
            // Form submitted
            // NOTE(review): the only gate is the presence of this POST field; the flag on
            // page 1 that hides the form below is not re-checked here, so a repeated POST
            // would run the whole routine again - confirm access to this module is restricted.
            if ($_POST['submit_config']) {
                // No basedomain given
                if (!$_POST['project_basedomainde']) {
                    $errorMessageContent = '<h3>' . $GLOBALS['LANG']->getLL('noBasedomain') . '</h3>';
                    $errorMessageContent .= '<p>' . $GLOBALS['LANG']->getLL('noBasedomainText') . '</p>';
                    $content = '<div class="alert alert-error">' . $errorMessageContent . '</div>';
                    $this->content .= $this->doc->section($GLOBALS['LANG']->getLL('title'), $content, 0, 1);
                } else {
                    if (!$_POST['project_email']) {
                        $errorMessageContent = '<h3>' . $GLOBALS['LANG']->getLL('noEmail') . '</h3>';
                        $errorMessageContent .= '<p>' . $GLOBALS['LANG']->getLL('noEmailText') . '</p>';
                        $content = '<div class="alert alert-error">' . $errorMessageContent . '</div>';
                        $this->content .= $this->doc->section($GLOBALS['LANG']->getLL('title'), $content, 0, 1);
                    } else {
                        if (!$this->checkEmail($_POST['project_email'])) {
                            $errorMessageContent = '<h3>' . $GLOBALS['LANG']->getLL('noValidEmail') . '</h3>';
                            $errorMessageContent .= '<p>' . $GLOBALS['LANG']->getLL('noValidEmailText') . '</p>';
                            $content = '<div class="alert alert-error">' . $errorMessageContent . '</div>';
                            $this->content .= $this->doc->section($GLOBALS['LANG']->getLL('title'), $content, 0, 1);
                        } else {
                            if (!$_POST['project_httphost']) {
                                $errorMessageContent = '<h3>' . $GLOBALS['LANG']->getLL('noHttpHost') . '</h3>';
                                $errorMessageContent .= '<p>' . $GLOBALS['LANG']->getLL('noHttpHostText') . '</p>';
                                $content = '<div class="alert alert-error">' . $errorMessageContent . '</div>';
                                $this->content .= $this->doc->section($GLOBALS['LANG']->getLL('title'), $content, 0, 1);
                            } else {
                                // Get project name
                                // NOTE(review): project_name is only trimmed and lower-cased. It is used
                                // below as a directory name, inside generated files and inside SQL; it
                                // should be restricted to a strict character whitelist before any use.
                                $projectName = trim(strtolower($_POST['project_name']));
                                // Check if uppercase
                                if (ctype_upper($_POST['project_name'])) {
                                    $projectNameUpper = $_POST['project_name'];
                                    $projectDirUpper = strtoupper($projectDir);
                                } else {
                                    $projectNameUpper = $projectName;
                                    $projectDirUpper = $projectDir;
                                }
                                // Rename dir
                                // NOTE(review): the target path is built from request data (path
                                // separators are not rejected) and the return value is not checked.
                                rename($path . $projectDir, $path . $projectName);
                                /* Change files BEGIN */
                                // Files to change
                                $files = array(PATH_site . 'fileadmin/templates/ts/setup/JavaScriptIncludes_setup.ts', PATH_site . 'fileadmin/templates/ts/TSConfig/Page.ts', PATH_site . 'typo3conf/new_localconf.php');
                                // Parse files
                                foreach ($files as $f) {
                                    // Open file
                                    $data = file_get_contents($f);
                                    // Change data
                                    // NOTE(review): one of the targets is a PHP file; the replacement text
                                    // comes from the request and is not escaped for PHP.
                                    $data = str_replace($projectDir, $projectName, $data);
                                    // Write file
                                    file_put_contents($f, $data);
                                }
                                /* Change files END */
                                /* Change files with uppercase BEGIN */
                                // Files to change (lib_setup.ts is listed twice)
                                $files2 = array(PATH_site . 'fileadmin/templates/ts/setup/lib_setup.ts', PATH_site . 'fileadmin/templates/ts/constants/StandardConfig_constants.ts', PATH_site . 'fileadmin/templates/ts/setup/lib_setup.ts');
                                // Parse files
                                foreach ($files2 as $f2) {
                                    // Open file
                                    $data2 = file_get_contents($f2);
                                    // Change data
                                    $data2 = str_replace(ucfirst($projectDir), ucfirst($projectNameUpper), $data2);
                                    // Write file
                                    file_put_contents($f2, $data2);
                                }
                                /* Change files with uppercase END */
                                /* Copyright notice BEGIN */
                                // NOTE(review): the notice is written into TypoScript verbatim; line breaks
                                // in it would add further TypoScript lines. Strip CR/LF before writing.
                                $copyrightNotice = $_POST['project_copyright'];
                                if (!$copyrightNotice) {
                                    $copyrightNotice = $GLOBALS['LANG']->getLL('copyrightDefault');
                                }
                                $files3 = array(PATH_site . 'fileadmin/templates/ts/setup/StandardConfig_setup.ts');
                                foreach ($files3 as $f3) {
                                    // Open file
                                    $data3 = file_get_contents($f3);
                                    // Change data
                                    $data3 = str_replace("headerComment =", "headerComment = " . $copyrightNotice, $data3);
                                    // Write file
                                    file_put_contents($f3, $data3);
                                }
                                /* Copyright notice END */
                                /* Basedomain BEGIN */
                                $files4 = array(PATH_site . 'fileadmin/templates/ts/constants/StandardConfig_constants.ts');
                                foreach ($files4 as $f4) {
                                    // NOTE(review): only leading/trailing slashes are trimmed. These values end
                                    // up in TypoScript conditions and constants; validate them as host names /
                                    // URLs and reject line breaks and ']' before writing.
                                    $basedomainDE = trim($_POST['project_basedomainde'], '/') . '/';
                                    $basedomainEN = trim($_POST['project_basedomainen'], '/') . '/';
                                    $httpHost = trim($_POST['project_httphost'], '/');
                                    $basedomainDEPreview = trim($_POST['preview_basedomainde'], '/') . '/';
                                    $basedomainENPreview = trim($_POST['preview_basedomainen'], '/') . '/';
                                    $httpHostPreview = trim($_POST['preview_httphost'], '/');
                                    $basedomainDELive = trim($_POST['live_basedomainde'], '/') . '/';
                                    $basedomainENLive = trim($_POST['live_basedomainen'], '/') . '/';
                                    $httpHostLive = trim($_POST['live_httphost'], '/');
                                    // Open file
                                    $data4 = file_get_contents($f4);
                                    // Add data
                                    $data4 = "" . $data4
                                        . "\r\n\r\n# # medbootstraptools [BEGIN]\r\n\r\n[globalVar = IENV:HTTP_HOST = " . $httpHost
                                        . "]\r\n\r\nt3bootstrap {\r\n\tbasedomain.de = " . $basedomainDE
                                        . "\r\n\tbasedomain.en = " . $basedomainEN
                                        . "\r\n}\r\n\r\n[globalVar = IENV:HTTP_HOST = " . $httpHostPreview
                                        . "]\r\n\r\nt3bootstrap {\r\n\tbasedomain.de = " . $basedomainDEPreview
                                        . "\r\n\tbasedomain.en = " . $basedomainENPreview
                                        . "\r\n}\r\n\r\n[globalVar = IENV:HTTP_HOST = " . $httpHostLive
                                        . "]\r\n\r\nt3bootstrap {\r\n\tbasedomain.de = " . $basedomainDELive
                                        . "\r\n\tbasedomain.en = " . $basedomainENLive
                                        . "\r\n}\r\n\r\n[global]\r\n\r\n# # medbootstraptools [END]";
                                    // Write file
                                    file_put_contents($f4, $data4);
                                }
                                /* Basedomain END */
                                /* Robots BEGIN */
                                // Get file
                                $robotsFile = PATH_site . 'fileadmin/templates/ts/setup/StandardConfig_setup.ts';
                                // Open file
                                $robotsFileContent = file_get_contents($robotsFile);
                                // Add data (reuses the host values assigned inside the loop above)
                                $robotsFileContent = "" . $robotsFileContent
                                    . "\r\n\r\n# # medbootstraptools [BEGIN]\r\n\r\n[globalVar = IENV:HTTP_HOST = " . $httpHost
                                    . "]\r\n\r\npage.meta.robots = noindex, nofollow\r\n\r\n[globalVar = IENV:HTTP_HOST = " . $httpHostPreview
                                    . "]\r\n\r\npage.meta.robots = noindex, nofollow\r\n\r\n[globalVar = IENV:HTTP_HOST = " . $httpHostLive
                                    . "]\r\n\r\npage.meta.robots = index, follow\r\n\r\n[global]\r\n\r\n# # medbootstraptools [END]";
                                // Write file
                                file_put_contents($robotsFile, $robotsFileContent);
                                /* Robots END */
                                /* Responsive or not BEGIN */
                                if ($_POST['project_responsive'] != "on") {
                                    $resp = PATH_site . 'fileadmin/templates/ts/setup/CSSIncludes_setup.ts';
                                    $dataResp = file_get_contents($resp);
                                    $dataResp = str_replace("bootstrap-responsive", "no-responsive", $dataResp);
                                    file_put_contents($resp, $dataResp);
                                    // Rename t3bootstrap responsive
                                    $t3bootstrapResp = PATH_site . 'fileadmin/templates/default/less/t3bootstrap-responsive.less';
                                    rename($t3bootstrapResp, $t3bootstrapResp . '_doNotUse');
                                    // File
                                    $lessConfigFile = PATH_site . 'fileadmin/templates/ts/setup/Extensions_setup.ts';
                                    // Get content
                                    $lessConfigFileContent = file_get_contents($lessConfigFile);
                                    // Remove LESS config for responsive CSS file
                                    $lessConfigFileContent = preg_replace('/t3bootstrap-responsive {[^{}]*}/', '', $lessConfigFileContent);
                                    // Write file
                                    file_put_contents($lessConfigFile, $lessConfigFileContent);
                                }
                                /* Responsive or not END */
                                /* Install Tool password BEGIN */
                                $localconfFile = PATH_site . 'typo3conf/new_localconf.php';
                                $localconfData = file_get_contents($localconfFile);
                                $newInstallPassword = $this->generatePW();
                                // NOTE(review): '******' below looks masked in this listing; the stored value
                                // is presumably derived from $newInstallPassword - confirm, and confirm
                                // that a hash rather than the plain password is written.
                                $localConfContent = "// Updated by medbootstraptools " . date("d.m.y", time()) . " " . date("H:i:s", time()) . "\n\$TYPO3_CONF_VARS['BE']['installToolPassword'] = '******';";
                                $localconfData = str_replace("?>", "\n" . $localConfContent . "\n?>", $localconfData);
                                file_put_contents($localconfFile, $localconfData);
                                /* Install Tool password END */
                                /* Update site name BEGIN */
                                // Get localconf
                                // NOTE(review): the new site name is placed inside a single-quoted PHP string
                                // in a PHP file without escaping quotes or backslashes.
                                $data = file_get_contents($localconfFile);
                                $data = str_replace("\$TYPO3_CONF_VARS['SYS']['sitename'] = '" . ucfirst($projectDir) . "';", "\$TYPO3_CONF_VARS['SYS']['sitename'] = '" . ucfirst($projectNameUpper) . "';", $data);
                                // Write file
                                file_put_contents($localconfFile, $data);
                                /* Update site name END */
                                /* Settings LIVE/PREVIEW server BEGIN */
                                // Get file
                                $settingsFile = PATH_typo3conf . 'settings.php';
                                // Get settings
                                $server = $_POST['live_server'];
                                $host = $_POST['live_host'];
                                $username = $_POST['live_username'];
                                $dbPassword = $_POST['live_password'];
                                $database = $_POST['live_database'];
                                $imPath = $_POST['live_impath'];
                                $previewServer = $_POST['preview_server'];
                                $previewHost = $_POST['preview_host'];
                                $previewUsername = $_POST['preview_username'];
                                $previewDbPassword = $_POST['preview_password'];
                                $previewDatabase = $_POST['preview_database'];
                                $previewImPath = $_POST['preview_impath'];
                                // Get content
                                // NOTE(review): settings.php is an executable PHP file assembled by string
                                // concatenation from raw request values. Each value must be emitted as a
                                // properly quoted PHP literal (for example via var_export()), otherwise a
                                // quote in any field changes the generated code.
                                // NOTE(review): $username, $dbPassword, $previewUsername and
                                // $previewDbPassword are assigned above but do not appear in the template
                                // below, where '******' stands in their place - presumably masked.
                                if (!$server && !$host && !$username && !$dbPassword && !$database && !$previewServer && !$previewHost && !$previewUsername && !$previewDbPassword && !$previewDatabase && !$imPath && !$previewImPath) {
                                    $settingsContent = "<?php\r\n\$TYPO3_CONF_VARS['GFX']['im_path_lzw'] = '/usr/local/bin/';\r\n\$TYPO3_CONF_VARS['GFX']['im_path'] = '/usr/local/bin/';\r\n?>";
                                } else {
                                    $settingsContent = "<?php\r\n\tif(\$_SERVER['SERVER_NAME'] == '" . $server
                                        . "') {\r\n\t\t\$typo_db_username = '******';\r\n\t\t\$typo_db_password = '******';\r\n\t\t\$typo_db_host = '" . $host
                                        . "';\r\n\t\t\$typo_db = '" . $database
                                        . "';\r\n\t\t\$TYPO3_CONF_VARS['GFX']['im_path_lzw'] = '" . $imPath
                                        . "';\r\n\t\t\$TYPO3_CONF_VARS['GFX']['im_path'] = '" . $imPath
                                        . "';\r\n\t}\r\n\telse if(\$_SERVER['SERVER_NAME'] == '" . $previewServer
                                        . "') {\r\n\t\t\$typo_db_username = '******';\r\n\t\t\$typo_db_password = '******';\r\n\t\t\$typo_db_host = '" . $previewHost
                                        . "';\r\n\t\t\$typo_db = '" . $previewDatabase
                                        . "';\r\n\t\t\$TYPO3_CONF_VARS['GFX']['im_path_lzw'] = '" . $previewImPath
                                        . "';\r\n\t\t\$TYPO3_CONF_VARS['GFX']['im_path'] = '" . $previewImPath
                                        . "';\r\n\t}\r\n?>";
                                }
                                file_put_contents($settingsFile, $settingsContent);
                                /* Settings LIVE/PREVIEW server END */
                                /* Import database BEGIN */
                                /**
                                 * @todo Replace @mysql_connect, as TYPO3 Backend is already connected; change import script class
                                 */
                                // Connect to database
                                // NOTE(review): '@' hides a failed connection and $connection is not checked
                                // before the import runs.
                                $connection = @mysql_connect(TYPO3_db_host, TYPO3_db_username, TYPO3_db_password);
                                // Get SQL file
                                $filename = PATH_typo3conf . 'ext/medbootstraptools/mod1/sql/t3bootstrap.sql';
                                $compress = false;
                                $dump = new phpMyImporter(TYPO3_db, $connection, $filename, $compress);
                                $dump->utf8 = true; // Uses UTF8 connection with MySQL server, default: true
                                $dump->doImport();
                                /* Clear sys_log and be_sessions table after import [BEGIN] */
                                // NOTE(review): this empties sys_log, so no log entries from before this
                                // point remain available for later review.
                                mysql_query("TRUNCATE TABLE sys_log");
                                //mysql_query("TRUNCATE TABLE be_sessions");
                                /* Clear sys_log and be_sessions table after import [END] */
                                /* Import database END */
                                /* Update contact form BEGIN */
                                // NOTE(review): the statements below concatenate request-derived values into
                                // SQL. $email has passed checkEmail() (strictness not visible here);
                                // $projectName has no check. Quote them through the database layer.
                                $email = $_POST['project_email'];
                                $GLOBALS['TYPO3_DB']->sql_query("UPDATE tt_content SET pi_flexform = REPLACE(pi_flexform, '*****@*****.**', '" . $email . "') WHERE uid=103");
                                $GLOBALS['TYPO3_DB']->sql_query("UPDATE tt_content SET pi_flexform = REPLACE(pi_flexform, '" . ucfirst($projectDirUpper) . "', '" . ucfirst($projectNameUpper) . "') WHERE uid=103");
                                /* Update contact form END */
                                /* Templavoilà BEGIN */
                                $GLOBALS['TYPO3_DB']->sql_query("UPDATE tx_templavoila_datastructure SET belayout = REPLACE(belayout, '" . $projectDir . "', '" . $projectName . "') WHERE uid=1");
                                $GLOBALS['TYPO3_DB']->sql_query("UPDATE tx_templavoila_tmplobj SET fileref = REPLACE(fileref, '" . $projectDir . "', '" . $projectName . "') WHERE uid=1");
                                $GLOBALS['TYPO3_DB']->sql_query("UPDATE tx_templavoila_tmplobj SET fileref_md5 = MD5(fileref) WHERE uid=1");
                                /* Templavoilà END */
                                /* Update page ID 1 BEGIN */
                                // Setting this flag is what makes the form branch below show "already configured".
                                $updateArrayMod = array('tx_medbootstraptools_bootstrapconfig' => 1, 'title' => ucfirst($projectNameUpper));
                                $resMod = $GLOBALS['TYPO3_DB']->exec_UPDATEquery('pages', 'uid=1', $updateArrayMod);
                                /* Update page ID 1 END */
                                /* Update user group ID 2 BEGIN */
                                $updateArrayUser = array('title' => ucfirst($projectNameUpper) . ' ' . $GLOBALS['LANG']->getLL('admin'), 'description' => ucfirst($projectNameUpper) . ' ' . $GLOBALS['LANG']->getLL('adminUserGroup'));
                                $resMod = $GLOBALS['TYPO3_DB']->exec_UPDATEquery('be_groups', 'uid=2', $updateArrayUser);
                                /* Update user group ID 2 END */
                                /* Update user group ID 3 BEGIN */
                                $updateArrayUser2 = array('title' => ucfirst($projectNameUpper) . ' ' . $GLOBALS['LANG']->getLL('editor'), 'description' => ucfirst($projectNameUpper) . ' ' . $GLOBALS['LANG']->getLL('editorUserGroup'));
                                $resMod2 = $GLOBALS['TYPO3_DB']->exec_UPDATEquery('be_groups', 'uid=3', $updateArrayUser2);
                                /* Update user group ID 3 END */
                                /* Create backend users BEGIN */
                                // One user per line, comma-separated: username, realName, email, lang, usergroup, admin
                                $beUsers = explode("\n", trim($_POST['project_beusers']));
                                if ($_POST['project_beusers']) {
                                    $beUsersFinal = array();
                                    foreach ($beUsers as $beUser) {
                                        $beUsersFinal[] = trim($beUser);
                                    }
                                    $beUsers = $beUsersFinal;
                                    foreach ($beUsers as $beUser) {
                                        $userData = explode(",", $beUser);
                                        // NOTE(review): the 'admin' flag and 'usergroup' are taken straight from the
                                        // submitted text, and missing columns are not detected.
                                        if ($userData[0] != 'admin') {
                                            $insertArray = array('username' => trim(str_replace('"', '', stripslashes($userData[0]))), 'admin' => trim(str_replace('"', '', stripslashes($userData[5]))), 'realName' => trim(str_replace('"', '', stripslashes($userData[1]))), 'email' => trim(str_replace('"', '', stripslashes($userData[2]))), 'lang' => trim(str_replace('"', '', stripslashes($userData[3]))), 'tstamp' => time(), 'crdate' => time(), 'usergroup' => trim(str_replace('"', '', stripslashes($userData[4]))));
                                        }
                                        // NOTE(review): the insert sits outside the check above, so a line naming
                                        // 'admin' inserts the previous line's data again (or an undefined array
                                        // when it is the first line).
                                        $resBeUser = $GLOBALS['TYPO3_DB']->exec_INSERTquery('be_users', $insertArray);
                                    }
                                }
                                /* Create backend users END */
                                /* Backend user passwords BEGIN */
                                // Create 10 passwords
                                // NOTE(review): the loop below assigns one entry per active user; from the
                                // eleventh user on, $passwordArr[$i] does not exist.
                                $passwordArr = array();
                                for ($i = 1; $i <= 10; $i++) {
                                    $passwordArr[] = $this->generatePW();
                                }
                                // Get all be_users
                                $resUsers = $GLOBALS['TYPO3_DB']->exec_SELECTquery('uid,username', 'be_users', 'disable=0 AND deleted=0', '', '', '');
                                $i = 0;
                                $passwordArrWithUsername = array();
                                while ($rowUsers = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($resUsers)) {
                                    $passwordArrWithUsername[$rowUsers['username']] = $passwordArr[$i];
                                    // Create salted password
                                    $password = $passwordArr[$i]; // plain-text password
                                    $saltedPassword = '';
                                    // NOTE(review): three outcomes are possible here. With saltedpasswords
                                    // loaded and enabled the hash is stored; with it loaded but disabled (or
                                    // without an instance) the empty string is stored; without the extension
                                    // the plain-text password is stored. The usage check asks for 'FE'
                                    // although these are backend users - confirm that is intended.
                                    if (t3lib_extMgm::isLoaded('saltedpasswords')) {
                                        if (tx_saltedpasswords_div::isUsageEnabled('FE')) {
                                            $objSalt = tx_saltedpasswords_salts_factory::getSaltingInstance(NULL);
                                            if (is_object($objSalt)) {
                                                $saltedPassword = $objSalt->getHashedPassword($password);
                                            }
                                        }
                                    } else {
                                        $saltedPassword = $password;
                                    }
                                    $updateArray = array('password' => $saltedPassword);
                                    $res = $GLOBALS['TYPO3_DB']->exec_UPDATEquery('be_users', 'uid=' . $rowUsers['uid'], $updateArray);
                                    $i++;
                                }
                                /* Backend user passwords END */
                                /* Switch localconf BEGIN */
                                // Clear temp files
                                foreach (glob(PATH_typo3conf . "temp_*.php") as $filename) {
                                    unlink($filename);
                                }
                                // Get files
                                $localconfFileAct = PATH_typo3conf . 'localconf.php';
                                $localconfFileOld = PATH_typo3conf . 'old_localconf.php';
                                $localconfFileNew = PATH_typo3conf . 'new_localconf.php';
                                // Include localconf to get database connection for new localconf file
                                // Open new_localconf.php
                                // NOTE(review): the '******' replacement values look masked in this listing;
                                // presumably the current database credentials are written here. The previous
                                // configuration stays on disk as old_localconf.php.
                                $localconfFileNewContent = file_get_contents($localconfFileNew);
                                $localconfFileNewContent = str_replace(array("\$typo_db_username = '';", "\$typo_db_password = '';", "\$typo_db_host = '';", "\$typo_db = '';"), array("\$typo_db_username = '******';", "\$typo_db_password = '******';", "\$typo_db_host = '" . TYPO3_db_host . "';", "\$typo_db = '" . TYPO3_db . "';"), $localconfFileNewContent);
                                file_put_contents($localconfFileNew, $localconfFileNewContent);
                                // Rename files
                                rename($localconfFileAct, $localconfFileOld);
                                rename($localconfFileNew, $localconfFileAct);
                                /* Switch localconf END */
                                // Success message
                                // NOTE(review): every generated backend password and the Install Tool
                                // password are printed in clear text into the page, and the user names are
                                // emitted without HTML escaping.
                                $successMessageContent = '<h3>' . $GLOBALS['LANG']->getLL('configSaved') . '</h3>';
                                $successMessageContent .= '<p><br /><b>' . $GLOBALS['LANG']->getLL('backendPasses') . '</b><br />';
                                $c = 0;
                                foreach ($passwordArrWithUsername as $pKey => $pVal) {
                                    if ($c == 0) {
                                        $successMessageContent .= $pKey . ': ' . $pVal;
                                    } else {
                                        $successMessageContent .= '<br />' . $pKey . ': ' . $pVal;
                                    }
                                    $c++;
                                }
                                $successMessageContent .= '</p>';
                                $successMessageContent .= '<p><br /><b>' . $GLOBALS['LANG']->getLL('installToolPassword') . '</b><br />' . $newInstallPassword . '</p>';
                                // Import SQL
                                $successMessageContent .= '<p><br /><b>' . $GLOBALS['LANG']->getLL('database') . '</b><br />' . $GLOBALS['LANG']->getLL('databaseSuccess') . '</p>';
                                $content = '<div class="alert alert-success">' . $successMessageContent . '</div>';
                                $this->content .= $this->doc->section($GLOBALS['LANG']->getLL('title'), $content, 0, 1);
                                // Clear typo3temp folder recursively
                                $this->emptyDirectory(PATH_site . 'typo3temp/Cache/Code');
                            }
                        }
                    }
                }
            } else {
                // Check if module has already been deactivated
                $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('tx_medbootstraptools_bootstrapconfig', 'pages', 'uid=1', '', '', '');
                $row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res);
                if ($row['tx_medbootstraptools_bootstrapconfig'] == 1) {
                    $content = '<p><b>' . $GLOBALS['LANG']->getLL('configAlready') . '</b></p>';
                } else {
                    // NOTE(review): the form carries no request token field, and $projectDir (a
                    // directory name read from disk) is placed into an attribute without HTML escaping.
                    $content = ' <form method="post" action=""> <div class="settings"> <h4>' . $GLOBALS['LANG']->getLL('generalSettings')
                        . '</h4> <label>' . $GLOBALS['LANG']->getLL('projectName')
                        . '</label> <input type="text" name="project_name" value="' . $projectDir
                        . '"> <label>' . $GLOBALS['LANG']->getLL('basedomainDE')
                        . '</label> <input type="text" placeholder="http://subdomain.domain.de/" name="project_basedomainde" class="input-middle"> <label>' . $GLOBALS['LANG']->getLL('basedomainEN')
                        . '</label> <input type="text" placeholder="http://subdomain.domain.de/en/" name="project_basedomainen" class="input-middle"> <label>' . $GLOBALS['LANG']->getLL('httpHost')
                        . '</label> <input type="text" name="project_httphost" placeholder="subdomain.domain.de"> <label>' . $GLOBALS['LANG']->getLL('copyrightNotice')
                        . '</label> <input type="text" class="input-long" placeholder="' . $GLOBALS['LANG']->getLL('copyrightDefault')
                        . '" name="project_copyright"> <label>' . $GLOBALS['LANG']->getLL('email')
                        . '</label> <input type="text" name="project_email" placeholder="*****@*****.**"> <label>' . $GLOBALS['LANG']->getLL('adminUser')
                        . ' <i>' . $GLOBALS['LANG']->getLL('adminUserInfo')
                        . '</i>:</label> <textarea cols="5" rows="10" class="textarea-beusers" name="project_beusers"></textarea> <label>' . $GLOBALS['LANG']->getLL('responsive')
                        . '</label> <input type="checkbox" name="project_responsive" checked="checked"> <h4>' . $GLOBALS['LANG']->getLL('databaseConnectionPreview')
                        . '</h4> <label>' . $GLOBALS['LANG']->getLL('basedomainDE')
                        . '</label> <input type="text" placeholder="http://subdomain.domain.de/" name="preview_basedomainde" class="input-middle"> <label>' . $GLOBALS['LANG']->getLL('basedomainEN')
                        . '</label> <input type="text" placeholder="http://subdomain.domain.de/en/" name="preview_basedomainen" class="input-middle"> <label>' . $GLOBALS['LANG']->getLL('httpHost')
                        . '</label> <input type="text" name="preview_httphost" placeholder="subdomain.domain.de"> <label>' . $GLOBALS['LANG']->getLL('serverName')
                        . '</label> <input type="text" name="preview_server" placeholder="domain.de"> <label>' . $GLOBALS['LANG']->getLL('username')
                        . '</label> <input type="text" name="preview_username" autocomplete="off"> <label>' . $GLOBALS['LANG']->getLL('password')
                        . '</label> <input type="password" name="preview_password" autocomplete="off"> <label>' . $GLOBALS['LANG']->getLL('host')
                        . '</label> <input type="text" name="preview_host"> <label>' . $GLOBALS['LANG']->getLL('database')
                        . '</label> <input type="text" name="preview_database"> <label>' . $GLOBALS['LANG']->getLL('imageMagickPath')
                        . '</label> <input type="text" name="preview_impath" placeholder="/usr/local/bin/"> <h4>' . $GLOBALS['LANG']->getLL('databaseConnection')
                        . '</h4> <label>' . $GLOBALS['LANG']->getLL('basedomainDE')
                        . '</label> <input type="text" placeholder="http://subdomain.domain.de/" name="live_basedomainde" class="input-middle"> <label>' . $GLOBALS['LANG']->getLL('basedomainEN')
                        . '</label> <input type="text" placeholder="http://subdomain.domain.de/en/" name="live_basedomainen" class="input-middle"> <label>' . $GLOBALS['LANG']->getLL('httpHost')
                        . '</label> <input type="text" name="live_httphost" placeholder="subdomain.domain.de"> <label>' . $GLOBALS['LANG']->getLL('serverName')
                        . '</label> <input type="text" name="live_server" placeholder="domain.de"> <label>' . $GLOBALS['LANG']->getLL('username')
                        . '</label> <input type="text" name="live_username" autocomplete="off"> <label>' . $GLOBALS['LANG']->getLL('password')
                        . '</label> <input type="password" name="live_password" autocomplete="off"> <label>' . $GLOBALS['LANG']->getLL('host')
                        . '</label> <input type="text" name="live_host"> <label>' . $GLOBALS['LANG']->getLL('database')
                        . '</label> <input type="text" name="live_database"> <label>' . $GLOBALS['LANG']->getLL('imageMagickPath')
                        . '</label> <input type="text" name="live_impath" placeholder="/usr/local/bin/"> <input type="hidden" name="submit_config" value="1"> <p><a href="javascript:void(0);" class="btn btn-primary btn-submit">' . $GLOBALS['LANG']->getLL('save')
                        . '</a></p> </div> </form> ';
                }
                $this->content .= $this->doc->section($GLOBALS['LANG']->getLL('title'), $content, 0, 1);
            }
            break;
    }
}
/**
 * After the factory has been asked for an instance matching a concrete hash,
 * asking it again with NULL must return an instance of the default hashing
 * class (or a subclass of it).
 *
 * @test
 */
public function resettingFactoryInstanceSucceeds()
{
    $defaultClassNameToUse = tx_saltedpasswords_div::getDefaultSaltingHashingMethod();

    // Sample hash for the first request: a "$P$" hash when the default class
    // is the md5 one, otherwise a "$1$" hash - presumably so that the first
    // instance belongs to a method other than the default.
    $saltedPW = ($defaultClassNameToUse == 'tx_saltedpasswords_salts_md5')
        ? '$P$CWF13LlG/0UcAQFUjnnS4LOqyRW43c.'
        : '$1$rasmusle$rISCgZzpwk3UhDidwXvin0';

    $this->objectInstance = tx_saltedpasswords_salts_factory::getSaltingInstance($saltedPW);

    // resetting
    $this->objectInstance = tx_saltedpasswords_salts_factory::getSaltingInstance(NULL);

    $this->assertTrue(
        get_class($this->objectInstance) == $defaultClassNameToUse
        || is_subclass_of($this->objectInstance, $defaultClassNameToUse)
    );
}
/**
 * Prepares a password for storage according to the storage security level.
 *
 * With level 'salted' the password is replaced by its salted hash. With
 * 'normal' or any other level the password is returned unchanged, i.e. it is
 * stored as given. An empty password is always returned unchanged.
 *
 * @param string $password Password to prepare for storage
 * @return string|boolean The salted hash or the unchanged password;
 *                        FALSE if level is 'salted' but no salting instance could be obtained
 */
public function encryptPasswordForStorage($password)
{
    if ($password == '') {
        return $password;
    }

    if ($this->getStorageSecurityLevel() != 'salted') {
        // 'normal' and every unknown level: no encryption!
        return $password;
    }

    $objSalt = tx_saltedpasswords_salts_factory::getSaltingInstance(NULL);

    // Without a salting instance the caller gets FALSE instead of a value that
    // could be stored by accident.
    // Should not happen: checked in tx_srfeuserregister_pi1_base::checkRequirements
    return is_object($objSalt) ? $objSalt->getHashedPassword($password) : FALSE;
}
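/**
 * Checks the login data with the user record data for builtin login method.
 *
 * The stored password decides the path taken:
 * - a recognised salted hash is verified with its own hashing method and, on
 *   success, re-hashed when it was created with a non-default method or when
 *   the method reports that the hash needs an update;
 * - otherwise, and only if "forceSalted" is off, the legacy formats are tried:
 *   'M$'/'C$' prefixed hashes, a bare md5 value, and finally a verbatim
 *   comparison. On success the record is upgraded when "updatePasswd" is set.
 *
 * $this->authenticationFailed is set to TRUE when a hash format was recognised
 * but the password did not match, so that further authentication methods are
 * skipped.
 *
 * @param array $user User data array; 'password' and 'uid' are read
 * @param array $loginData Login data array; 'uident_text' is read
 * @param string $security_level Login security level (optional, not used here)
 * @return boolean TRUE if login data matched
 */
function compareUident(array $user, array $loginData, $security_level = 'normal')
{
    $validPasswd = FALSE;

    // The submitted password is only taken over in BE or FE mode; in any other
    // mode it stays empty instead of being undefined.
    $password = '';
    if (!strcmp(TYPO3_MODE, 'BE') || !strcmp(TYPO3_MODE, 'FE')) {
        $password = $loginData['uident_text'];
    }

    // determine method used for given salted hashed password
    $this->objInstanceSaltedPW = tx_saltedpasswords_salts_factory::getSaltingInstance($user['password']);

    if (is_object($this->objInstanceSaltedPW)) {
        // existing record is in format of Salted Hash password
        $validPasswd = $this->objInstanceSaltedPW->checkPassword($password, $user['password']);

        // record is in format of Salted Hash password but authentication failed:
        // skip further authentication methods
        if (!$validPasswd) {
            $this->authenticationFailed = TRUE;
        }

        $defaultHashingClassName = tx_saltedpasswords_div::getDefaultSaltingHashingMethod();
        $usesDefaultMethod = get_class($this->objInstanceSaltedPW) == $defaultHashingClassName
            || is_subclass_of($this->objInstanceSaltedPW, $defaultHashingClassName);
        $skip = FALSE;

        // Re-hash with the default method only after a SUCCESSFUL check. The
        // former condition was "valid && !sameClass || isSubclass": for an
        // instance that is a subclass of the default class it was true even
        // when the password was wrong, and the stored hash was then replaced
        // by a hash of the submitted (wrong) password.
        if ($validPasswd && !$usesDefaultMethod) {
            // instantiate default method class
            $this->objInstanceSaltedPW = tx_saltedpasswords_salts_factory::getSaltingInstance(NULL);
            $this->updatePassword(
                intval($user['uid']),
                array('password' => $this->objInstanceSaltedPW->getHashedPassword($password))
            );
            // The record was just rewritten; do not ask the new method about the old hash.
            $skip = TRUE;
        }

        if ($validPasswd && !$skip && $this->objInstanceSaltedPW->isHashUpdateNeeded($user['password'])) {
            $this->updatePassword(
                intval($user['uid']),
                array('password' => $this->objInstanceSaltedPW->getHashedPassword($password))
            );
        }
    } elseif (!intval($this->extConf['forceSalted'])) {
        // we process also clear-text, md5 and passwords updated by Portable PHP password hashing framework
        if (t3lib_div::inList('C$,M$', substr($user['password'], 0, 2))) {
            // stored password is in deprecated salted hashing method:
            // instantiate the method class for the hash without its prefix letter
            $this->objInstanceSaltedPW = tx_saltedpasswords_salts_factory::getSaltingInstance(substr($user['password'], 1));

            if (!strcmp(substr($user['password'], 0, 1), 'M')) {
                // 'M': the salted value was built from an md5 digest
                $validPasswd = $this->objInstanceSaltedPW->checkPassword(md5($password), substr($user['password'], 1));
            } else {
                $validPasswd = $this->objInstanceSaltedPW->checkPassword($password, substr($user['password'], 1));
            }

            // skip further authentication methods
            if (!$validPasswd) {
                $this->authenticationFailed = TRUE;
            }
        } elseif (preg_match('/[0-9abcdef]{32,32}/', $user['password'])) {
            // password is stored as md5
            // NOTE(review): strcmp() is not a constant-time comparison; where the
            // runtime provides hash_equals(), prefer it for digest comparison.
            $validPasswd = !strcmp(md5($password), $user['password']) ? TRUE : FALSE;

            // skip further authentication methods
            if (!$validPasswd) {
                $this->authenticationFailed = TRUE;
            }
        } else {
            // password is stored plain or in an unrecognized format: the stored
            // value itself is accepted as the password. Enabling "forceSalted"
            // disables this whole legacy branch.
            $validPasswd = !strcmp($password, $user['password']) ? TRUE : FALSE;
        }

        // should we store the new format value in DB?
        if ($validPasswd && intval($this->extConf['updatePasswd'])) {
            // instantiate default method class
            $this->objInstanceSaltedPW = tx_saltedpasswords_salts_factory::getSaltingInstance(NULL);
            $this->updatePassword(
                intval($user['uid']),
                array('password' => $this->objInstanceSaltedPW->getHashedPassword($password))
            );
        }
    }

    return $validPasswd;
}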
/**
 * Sets a custom salting hashing method class as the factory's instance.
 *
 * The stored instance is cleared first. The resource is then resolved through
 * t3lib_div::getUserObj() and only kept when the result is an object that
 * extends tx_saltedpasswords_abstract_salts; otherwise the instance stays NULL.
 *
 * NOTE(review): $resource names a file and class to load, so it presumably has
 * to come from trusted configuration only - verify against callers.
 *
 * @param string $resource Object resource to use (e.g. 'EXT:saltedpasswords/classes/salts/class.tx_saltedpasswords_salts_blowfish.php:tx_saltedpasswords_salts_blowfish')
 * @return tx_saltedpasswords_abstract_salts|NULL The salting hashing method object, or NULL if the resource was rejected
 */
public static function setPreferredHashingMethod($resource)
{
    self::$instance = NULL;

    $candidate = t3lib_div::getUserObj($resource);
    $isSaltingMethod = is_object($candidate)
        && is_subclass_of($candidate, 'tx_saltedpasswords_abstract_salts');

    if ($isSaltingMethod) {
        self::$instance = $candidate;
    }

    return self::$instance;
}
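/**
 * Checks that the extensions and settings this plugin relies on are in place.
 *
 * Each failed check is written to the system log with error severity and
 * appended to the returned string, wrapped in the
 * "internal_check_requirements_frontend" label.
 *
 * NOTE(review): the text that is logged is also returned to the caller,
 * presumably for rendering in the front end; confirm that showing
 * configuration details to visitors is intended.
 *
 * @return string Concatenated messages of all failed checks, empty string if none failed
 */
protected function checkRequirements() {
    $content = '';
    $labels = 'LLL:EXT:' . $this->extKey . '/pi1/locallang.xml:';
    $extConf = $GLOBALS['TYPO3_CONF_VARS']['EXTCONF'][$this->extKey];

    // Check if all required extensions are available
    // (the "php" and "typo3" entries of the dependency list are not extensions)
    if (is_array($extConf['constraints']['depends'])) {
        $requiredExtensions = array_diff(array_keys($extConf['constraints']['depends']), array('php', 'typo3'));
        foreach ($requiredExtensions as $requiredExtension) {
            if (!t3lib_extMgm::isLoaded($requiredExtension)) {
                $message = sprintf($GLOBALS['TSFE']->sL($labels . 'internal_required_extension_missing'), $requiredExtension);
                t3lib_div::sysLog($message, $this->extKey, t3lib_div::SYSLOG_SEVERITY_ERROR);
                $content .= sprintf($GLOBALS['TSFE']->sL($labels . 'internal_check_requirements_frontend'), $message);
            }
        }
    }

    // Check if front end login security level is correctly set.
    // The list of supported levels is verified to be an array first (as is done
    // for the dependency list above), and the configured level has to match one
    // entry exactly: a missing list or a loosely equal value counts as unsupported.
    $supportedTransmissionSecurityLevels = $extConf['loginSecurityLevels'];
    $securityLevelSupported = is_array($supportedTransmissionSecurityLevels)
        && in_array($GLOBALS['TYPO3_CONF_VARS']['FE']['loginSecurityLevel'], $supportedTransmissionSecurityLevels, TRUE);

    if (!$securityLevelSupported) {
        $message = $GLOBALS['TSFE']->sL($labels . 'internal_login_security_level');
        t3lib_div::sysLog($message, $this->extKey, t3lib_div::SYSLOG_SEVERITY_ERROR);
        $content .= sprintf($GLOBALS['TSFE']->sL($labels . 'internal_check_requirements_frontend'), $message);
    } else {
        // Check if salted passwords are enabled in front end
        if (t3lib_extMgm::isLoaded('saltedpasswords')) {
            if (!tx_saltedpasswords_div::isUsageEnabled('FE')) {
                $message = $GLOBALS['TSFE']->sL($labels . 'internal_salted_passwords_disabled');
                t3lib_div::sysLog($message, $this->extKey, t3lib_div::SYSLOG_SEVERITY_ERROR);
                $content .= sprintf($GLOBALS['TSFE']->sL($labels . 'internal_check_requirements_frontend'), $message);
            } else {
                // Check if we can get a salting instance
                $objSalt = tx_saltedpasswords_salts_factory::getSaltingInstance(NULL);
                if (!is_object($objSalt)) {
                    // Could not get a salting instance from saltedpasswords
                    $message = $GLOBALS['TSFE']->sL($labels . 'internal_salted_passwords_no_instance');
                    t3lib_div::sysLog($message, $this->extKey, t3lib_div::SYSLOG_SEVERITY_ERROR);
                    $content .= sprintf($GLOBALS['TSFE']->sL($labels . 'internal_check_requirements_frontend'), $message);
                }
            }
        }

        // Check if we can get a backend from rsaauth
        if (t3lib_extMgm::isLoaded('rsaauth')) {
            // rsaauth in TYPO3 4.5 misses autoload
            if (!class_exists('tx_rsaauth_backendfactory')) {
                require_once t3lib_extMgm::extPath('rsaauth') . 'sv1/backends/class.tx_rsaauth_backendfactory.php';
                require_once t3lib_extMgm::extPath('rsaauth') . 'sv1/storage/class.tx_rsaauth_storagefactory.php';
            }

            $backend = tx_rsaauth_backendfactory::getBackend();
            $storage = tx_rsaauth_storagefactory::getStorage();
            if (!is_object($backend) || !$backend->isAvailable() || !is_object($storage)) {
                // Required RSA auth backend not available
                $message = $GLOBALS['TSFE']->sL($labels . 'internal_rsaauth_backend_not_available');
                t3lib_div::sysLog($message, $this->extKey, t3lib_div::SYSLOG_SEVERITY_ERROR);
                $content .= sprintf($GLOBALS['TSFE']->sL($labels . 'internal_check_requirements_frontend'), $message);
            }
        }
    }

    return $content;
}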
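/**
 * Checks the submitted old password against the one stored for the current
 * front-end user.
 *
 * The stored value is verified through the salted-passwords instance when
 * that instance recognises its format. Otherwise it is compared as an MD5
 * digest (when kb_md5fepw is loaded) or as plain text.
 *
 * @return boolean true if the submitted old password matches the stored one, false otherwise
 */
private function isOldPasswordCorrect() {
    // Accept only a string as the submitted password. A non-string value makes
    // strcmp() return NULL on older PHP versions, and a loose "!= 0" test would
    // then read that as a match.
    $submittedPassword = isset($this->piVars['oldpassword']) ? $this->piVars['oldpassword'] : '';
    if (!is_string($submittedPassword)) {
        return false;
    }

    // The origin of userid and pidList is not visible here, so both are forced
    // to integers before they become part of the WHERE clause.
    $row = $GLOBALS['TYPO3_DB']->exec_SELECTgetSingleRow(
        'password',
        'fe_users',
        'uid = ' . intval($this->config['userid']) .
            ' AND pid IN (' . $GLOBALS['TYPO3_DB']->cleanIntList($this->conf['pidList']) . ')'
    );
    if (!is_array($row)) {
        // No user record (or a failed query): there is nothing to compare
        // against, so the check fails rather than comparing with an empty value.
        return false;
    }
    $storedPassword = (string) current($row);

    // Stays null unless salted passwords are loaded and enabled for the front end.
    $instanceSalted = null;
    if (t3lib_extMgm::isLoaded('saltedpasswords') && tx_saltedpasswords_div::isUsageEnabled('FE')) {
        $instanceSalted = tx_saltedpasswords_salts_factory::getSaltingInstance();
    }

    if (is_object($instanceSalted) && $instanceSalted->isValidSaltedPW($storedPassword)) {
        return (bool) $instanceSalted->checkPassword($submittedPassword, $storedPassword);
    }

    // Legacy storage formats: unsalted MD5 (kb_md5fepw) or plain text.
    // NOTE(review): both are weak ways to store a password; consider migrating
    // such records to the salted format after a successful check.
    $candidate = t3lib_extMgm::isLoaded('kb_md5fepw') ? md5($submittedPassword) : $submittedPassword;

    // Use a timing-safe comparison where the PHP version provides one.
    if (function_exists('hash_equals')) {
        return hash_equals($storedPassword, $candidate);
    }

    return strcmp($candidate, $storedPassword) === 0;
}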