protected function createCliBeUser() { $db = $this->getDatabaseConnection(); $where = 'username = '******'_cli_lowlevel', 'be_users') . ' AND admin = 0'; $user = $db->exec_SELECTgetSingleRow('*', 'be_users', $where); if ($user) { if ($user['deleted'] || $user['disable']) { $data = array('be_users' => array($user['uid'] => array('deleted' => 0, 'disable' => 0))); /** @var \TYPO3\CMS\Core\DataHandling\DataHandler $dataHandler */ $dataHandler = GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\DataHandling\\DataHandler'); $dataHandler->stripslashes_values = FALSE; $dataHandler->start($data, array()); $dataHandler->process_datamap(); } } else { // Prepare necessary data for _cli_lowlevel user creation $password = uniqid('scheduler', TRUE); if (SaltedPasswordsUtility::isUsageEnabled()) { $objInstanceSaltedPW = SaltFactory::getSaltingInstance(); $password = $objInstanceSaltedPW->getHashedPassword($password); } $data = array('be_users' => array('NEW' => array('username' => '_cli_lowlevel', 'password' => $password, 'pid' => 0))); /** @var \TYPO3\CMS\Core\DataHandling\DataHandler $dataHandler */ $dataHandler = GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\DataHandling\\DataHandler'); $dataHandler->stripslashes_values = FALSE; $dataHandler->start($data, array()); $dataHandler->process_datamap(); // Check if a new uid was indeed generated (i.e. a new record was created) // (counting DataHandler errors doesn't work as some failures don't report errors) $numberOfNewIDs = count($dataHandler->substNEWwithIDs); if ((int) $numberOfNewIDs !== 1) { InstallerScripts::addFlashMessage('Failed to create _cli_lowlevel BE user.', 'BE user creation failed', AbstractMessage::WARNING); } } }
/** * Validation method * * @param mixed $password * * @return bool */ public function isValid($password) { $result = true; if (!\Evoweb\SfRegister\Services\Login::isLoggedIn()) { $this->addError(\TYPO3\CMS\Extbase\Utility\LocalizationUtility::translate('error_changepassword_notloggedin', 'SfRegister'), 1301599489); $result = false; } else { $user = $this->userRepository->findByUid($GLOBALS['TSFE']->fe_user->user['uid']); if (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('saltedpasswords') && \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled('FE')) { /** @var \TYPO3\CMS\Saltedpasswords\Salt\SaltInterface $saltedPassword */ $saltedPassword = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($user->getPassword(), null); if (!$saltedPassword->checkPassword($password, $user->getPassword())) { $this->addError(\TYPO3\CMS\Extbase\Utility\LocalizationUtility::translate('error_changepassword_notequal', 'SfRegister'), 1301599507); $result = false; } } elseif ($this->settings['encryptPassword'] === 'md5') { if (md5($password) !== $user->getPassword()) { $this->addError(\TYPO3\CMS\Extbase\Utility\LocalizationUtility::translate('error_changepassword_notequal', 'SfRegister'), 1301599507); $result = false; } } elseif ($this->settings['encryptPassword'] === 'sha1') { if (sha1($password) !== $user->getPassword()) { $this->addError(\TYPO3\CMS\Extbase\Utility\LocalizationUtility::translate('error_changepassword_notequal', 'SfRegister'), 1301599507); $result = false; } } } return $result; }
/** * Execute task * * @return bool */ public function execute() { $processedAllRecords = TRUE; // For frontend and backend foreach ($this->userRecordPointer as $mode => $pointer) { // If saltedpasswords is active for frontend / backend if (\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled($mode)) { $usersToUpdate = $this->findUsersToUpdate($mode); $numberOfRows = count($usersToUpdate); if ($numberOfRows > 0) { $processedAllRecords = FALSE; $this->activateSelf(); $this->incrementUserRecordPointer($mode, $numberOfRows); $this->convertPasswords($mode, $usersToUpdate); } } } if ($processedAllRecords) { // Reset the user record pointer $this->userRecordPointer = array('FE' => 0, 'BE' => 0); // Determine if task should disable itself if ($this->canDeactivateSelf) { $this->deactivateSelf(); } } // Use save() of parent class \TYPO3\CMS\Scheduler\Task\AbstractTask to persist changed task variables $this->save(); return TRUE; }
/** * Applies transformations to a given plain text password, e.g. hashing * * @param string $password * @return string */ public function applyTransformations($password) { if (ExtensionManagementUtility::isLoaded('saltedpasswords')) { if (\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled('FE')) { $saltingInstance = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(); $password = $saltingInstance->getHashedPassword($password); } } return $password; }
public function setPassword($password) { if (\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled('FE')) { $objSalt = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL); if (is_object($objSalt)) { $password = $objSalt->getHashedPassword($password); } } parent::setPassword($password); }
/** * Adds the password hasher object to the context * * @param \Aimeos\MShop\Context\Item\Iface $context Context object * @return \Aimeos\MShop\Context\Item\Iface Modified context object */ protected static function addHasher(\Aimeos\MShop\Context\Item\Iface $context) { if (isset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['aimeos']['aimeos_context_hasher']) && is_callable($fcn = $GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['aimeos']['aimeos_context_hasher'])) { return $fcn($context); } if (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('saltedpasswords') && \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled('FE')) { $object = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(); $context->setHasherTypo3($object); } return $context; }
/** * @return string */ protected function getSaltedPassword($password) { $saltedPassword = $password; if (ExtensionManagementUtility::isLoaded('saltedpasswords')) { if (SaltedPasswordsUtility::isUsageEnabled('FE')) { $objSalt = SaltFactory::getSaltingInstance(NULL); if (is_object($objSalt)) { $saltedPassword = $objSalt->getHashedPassword($password); } } } return $saltedPassword; }
/** * Function uses Portable PHP Hashing Framework to create a proper password string if needed * * @param mixed $value The value that has to be checked. * @param string $is_in Is-In String * @param integer $set Determines if the field can be set (value correct) or not, e.g. if input is required but the value is empty, then $set should be set to FALSE. (PASSED BY REFERENCE!) * @return The new value of the field * @todo Define visibility */ public function evaluateFieldValue($value, $is_in, &$set) { $isEnabled = $this->mode ? \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled($this->mode) : \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled(); if ($isEnabled) { $set = FALSE; $isMD5 = preg_match('/[0-9abcdef]{32,32}/', $value); $isSaltedHash = \TYPO3\CMS\Core\Utility\GeneralUtility::inList('$1$,$2$,$2a,$P$', substr($value, 0, 3)); $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL, $this->mode); if ($isMD5) { $set = TRUE; $value = 'M' . $this->objInstanceSaltedPW->getHashedPassword($value); } elseif (!$isSaltedHash) { $set = TRUE; $value = $this->objInstanceSaltedPW->getHashedPassword($value); } } return $value; }
/** * Obtains a salting hashing method instance. * * This function will return an instance of a class that implements * tx_saltedpasswords_abstract_salts. * * Use parameter NULL to reset the factory! * * @param string $saltedHash (optional) Salted hashed password to determine the type of used method from or NULL to reset the factory * @param string $mode (optional) The TYPO3 mode (FE or BE) saltedpasswords shall be used for * @return tx_saltedpasswords_abstract_salts an instance of salting hashing method object */ public static function getSaltingInstance($saltedHash = '', $mode = TYPO3_MODE) { // Creating new instance when // * no instance existing // * a salted hash given to determine salted hashing method from // * a NULL parameter given to reset instance back to default method if (!is_object(self::$instance) || !empty($saltedHash) || is_NULL($saltedHash)) { // Determine method by checking the given hash if (!empty($saltedHash)) { $result = self::determineSaltingHashingMethod($saltedHash); if (!$result) { self::$instance = NULL; } } else { $classNameToUse = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getDefaultSaltingHashingMethod($mode); $availableClasses = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/saltedpasswords']['saltMethods']; self::$instance = \TYPO3\CMS\Core\Utility\GeneralUtility::getUserObj($availableClasses[$classNameToUse], 'tx_'); } } return self::$instance; }
/** * Function uses Portable PHP Hashing Framework to create a proper password string if needed * * @param mixed $value The value that has to be checked. * @param string $is_in Is-In String * @param bool $set Determines if the field can be set (value correct) or not, e.g. if input is required but the value is empty, then $set should be set to FALSE. (PASSED BY REFERENCE!) * @return string The new value of the field */ public function evaluateFieldValue($value, $is_in, &$set) { $isEnabled = $this->mode ? \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled($this->mode) : \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled(); if ($isEnabled) { $isMD5 = preg_match('/[0-9abcdef]{32,32}/', $value); $isDeprecatedSaltedHash = \TYPO3\CMS\Core\Utility\GeneralUtility::inList('C$,M$', substr($value, 0, 2)); /** @var $objInstanceSaltedPW \TYPO3\CMS\Saltedpasswords\Salt\SaltInterface */ $objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL, $this->mode); if ($isMD5) { $set = TRUE; $value = 'M' . $objInstanceSaltedPW->getHashedPassword($value); } else { // Determine method used for the (possibly) salted hashed password $tempValue = $isDeprecatedSaltedHash ? substr($value, 1) : $value; $tempObjInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($tempValue); if (!is_object($tempObjInstanceSaltedPW)) { $set = TRUE; $value = $objInstanceSaltedPW->getHashedPassword($value); } } } return $value; }
/** * This method creates the "cli_scheduler" BE user if it doesn't exist * * @return void */ protected function createSchedulerUser() { // Check _cli_scheduler user status $checkUser = $this->checkSchedulerUser(); // Prepare default message $message = $this->getLanguageService()->getLL('msg.userExists'); $severity = FlashMessage::WARNING; // If the user does not exist, try creating it if ($checkUser == -1) { // Prepare necessary data for _cli_scheduler user creation $password = StringUtility::getUniqueId('scheduler'); if (SaltedPasswordsUtility::isUsageEnabled()) { $objInstanceSaltedPW = SaltFactory::getSaltingInstance(); $password = $objInstanceSaltedPW->getHashedPassword($password); } $data = array('be_users' => array('NEW' => array('username' => '_cli_scheduler', 'password' => $password, 'pid' => 0))); /** @var $tcemain \TYPO3\CMS\Core\DataHandling\DataHandler */ $tcemain = GeneralUtility::makeInstance(\TYPO3\CMS\Core\DataHandling\DataHandler::class); $tcemain->start($data, array()); $tcemain->process_datamap(); // Check if a new uid was indeed generated (i.e. a new record was created) // (counting TCEmain errors doesn't work as some failures don't report errors) $numberOfNewIDs = count($tcemain->substNEWwithIDs); if ($numberOfNewIDs === 1) { $message = $this->getLanguageService()->getLL('msg.userCreated'); $severity = FlashMessage::OK; } else { $message = $this->getLanguageService()->getLL('msg.userNotCreated'); $severity = FlashMessage::ERROR; } } $this->addMessage($message, $severity); }
<?php defined('TYPO3_MODE') or die(); $GLOBALS['TCA']['fe_users']['columns']['password']['config']['max'] = 100; if (\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled('FE')) { // Get eval field operations methods as array keys $operations = array_flip(\TYPO3\CMS\Core\Utility\GeneralUtility::trimExplode(',', $GLOBALS['TCA']['fe_users']['columns']['password']['config']['eval'], TRUE)); // Remove md5 and temporary password from the list of evaluated methods unset($operations['md5'], $operations['password']); // Append new methods to have "password" as last operation. $operations['TYPO3\\CMS\\Saltedpasswords\\Evaluation\\FrontendEvaluator'] = 1; $operations['password'] = 1; $GLOBALS['TCA']['fe_users']['columns']['password']['config']['eval'] = implode(',', array_keys($operations)); unset($operations); }
/** * Parses mapping settings and builds an array holding the query fields information. * * @return array The query fields */ protected function parseFields() { $queryFields = []; //parse mapping foreach ($this->settings['fields.'] as $fieldname => $options) { $fieldname = str_replace('.', '', $fieldname); if (isset($options) && is_array($options)) { if (!isset($options['special'])) { $mapping = $options['mapping']; //if no mapping default to the name of the form field if (!$mapping) { $mapping = $fieldname; } $fieldValue = $this->utilityFuncs->getGlobal($mapping, $this->gp); //pre process the field value. e.g. to format a date if (isset($options['preProcessing.']) && is_array($options['preProcessing.'])) { if (!isset($options['preProcessing.']['value'])) { $options['preProcessing.']['value'] = $fieldValue; } $fieldValue = $this->utilityFuncs->getSingle($options, 'preProcessing'); } if (isset($options['mapping.']) && is_array($options['mapping.'])) { if (!isset($options['mapping.']['value'])) { $options['mapping.']['value'] = $fieldValue; } $fieldValue = $this->utilityFuncs->getSingle($options, 'mapping'); } //process empty value handling if (isset($options['ifIsEmpty']) && strlen($fieldValue) === 0) { $fieldValue = $this->utilityFuncs->getSingle($options, 'ifIsEmpty'); } if (intval($this->utilityFuncs->getSingle($options, 'zeroIfEmpty')) === 1 && strlen($fieldValue) === 0) { $fieldValue = 0; } //process array handling if (is_array($fieldValue)) { $separator = ','; if ($options['separator']) { $separator = $this->utilityFuncs->getSingle($options, 'separator'); } $fieldValue = implode($separator, $fieldValue); } //process uploaded files $files = $this->globals->getSession()->get('files'); if (isset($files[$fieldname]) && is_array($files[$fieldname])) { $fieldValue = $this->getFileList($files, $fieldname); } } else { switch ($options['special']) { case 'saltedpassword': $field = $this->utilityFuncs->getSingle($options['special.'], 'field'); $saltedpasswords = SaltedPasswordsUtility::returnExtConf(); $tx_saltedpasswords = GeneralUtility::makeInstance($saltedpasswords['saltedPWHashingMethod']); $encryptedPassword = $tx_saltedpasswords->getHashedPassword($this->gp[$field]); $fieldValue = $encryptedPassword; break; case 'files': $field = $this->utilityFuncs->getSingle($options['special.'], 'field'); if (isset($options['special.']['separator'])) { $separator = $this->utilityFuncs->getSingle($options['special.'], 'separator'); } else { $separator = ','; } $filesArray = []; if (isset($options['special.']['info'])) { $info = $this->utilityFuncs->getSingle($options['special.'], 'info'); } else { $info = '[uploaded_name]'; } $files = $this->globals->getSession()->get('files'); if (isset($files[$field]) && is_array($files[$field])) { foreach ($files[$field] as $idx => $file) { $infoString = $info; foreach ($file as $infoKey => $infoValue) { $infoString = str_replace('[' . $infoKey . ']', $infoValue, $infoString); } array_push($filesArray, $infoString); } } if (isset($options['special.']['index'])) { $index = $this->utilityFuncs->getSingle($options['special.'], 'index'); if (isset($filesArray[$index])) { $fieldValue = $filesArray[$index]; } } else { $fieldValue = implode($separator, $filesArray); } break; case 'date': $field = $this->utilityFuncs->getSingle($options['special.'], 'field'); $date = $this->gp[$field]; $dateFormat = 'Y-m-d'; if ($options['special.']['dateFormat']) { $dateFormat = $this->utilityFuncs->getSingle($options['special.'], 'dateFormat'); } elseif ($options['special.']['format']) { $dateFormat = $this->utilityFuncs->getSingle($options['special.'], 'format'); } $fieldValue = $this->utilityFuncs->dateToTimestamp($date, $dateFormat); break; case 'datetime': if (version_compare(PHP_VERSION, '5.3.0') < 0) { $this->utilityFuncs->throwException('error_datetime'); } $field = $this->utilityFuncs->getSingle($options['special.'], 'field'); $date = $this->gp[$field]; $dateFormat = 'Y-m-d H:i:s'; if ($options['special.']['dateFormat']) { $dateFormat = $this->utilityFuncs->getSingle($options['special.'], 'dateFormat'); } elseif ($options['special.']['format']) { $dateFormat = $this->utilityFuncs->getSingle($options['special.'], 'format'); } $fieldValue = $this->utilityFuncs->dateToTimestamp($date, $dateFormat); break; case 'sub_datetime': $dateFormat = 'Y-m-d H:i:s'; if ($options['special.']['dateFormat']) { $dateFormat = $this->utilityFuncs->getSingle($options['special.'], 'dateFormat'); } elseif ($options['special.']['format']) { $dateFormat = $this->utilityFuncs->getSingle($options['special.'], 'format'); } $fieldValue = date($dateFormat, time()); break; case 'sub_tstamp': $fieldValue = time(); break; case 'ip': $fieldValue = GeneralUtility::getIndpEnv('REMOTE_ADDR'); break; case 'inserted_uid': $table = $this->utilityFuncs->getSingle($options['special.'], 'table'); if (is_array($this->gp['saveDB'])) { foreach ($this->gp['saveDB'] as $idx => $info) { if ($info['table'] === $table) { $fieldValue = $info['uid']; } } } break; } } } else { $fieldValue = $options; } //post process the field value after formhandler did it's magic. if (isset($options['postProcessing.']) && is_array($options['postProcessing.'])) { if (!isset($options['postProcessing.']['value'])) { $options['postProcessing.']['value'] = $fieldValue; } $fieldValue = $this->utilityFuncs->getSingle($options, 'postProcessing'); } $queryFields[$fieldname] = $fieldValue; if (intval($this->utilityFuncs->getSingle($options, 'nullIfEmpty')) === 1 && strlen($queryFields[$fieldname]) == 0) { unset($queryFields[$fieldname]); } } return $queryFields; }
/** * encrypt password * @param string $password password */ public function encryptPassword($password) { if (SaltedPasswordsUtility::isUsageEnabled() && $password != '') { $password = SaltFactory::getSaltingInstance(null)->getHashedPassword($password); $this->setValue($password); } }
/** * Method tries to determine the salting hashing method used for given salt. * * Method implicitly sets the instance of the found method object in the class property when found. * * @param string $saltedHash * @param string $mode (optional) The TYPO3 mode (FE or BE) saltedpasswords shall be used for * @return bool TRUE, if salting hashing method has been found, otherwise FALSE */ public static function determineSaltingHashingMethod($saltedHash, $mode = TYPO3_MODE) { $registeredMethods = static::getRegisteredSaltedHashingMethods(); $defaultClassName = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getDefaultSaltingHashingMethod($mode); $defaultReference = $registeredMethods[$defaultClassName]; unset($registeredMethods[$defaultClassName]); // place the default method first in the order $registeredMethods = array($defaultClassName => $defaultReference) + $registeredMethods; $methodFound = false; foreach ($registeredMethods as $method) { $objectInstance = \TYPO3\CMS\Core\Utility\GeneralUtility::getUserObj($method); if ($objectInstance instanceof SaltInterface) { $methodFound = $objectInstance->isValidSaltedPW($saltedHash); if ($methodFound) { self::$instance = $objectInstance; break; } } } return $methodFound; }
/** * Checks whether the Install Tool password is set to its default value. * * @return \TYPO3\CMS\Reports\Status An object representing the security of the saltedpassswords extension */ protected function getSaltedPasswordsStatus() { $value = $GLOBALS['LANG']->getLL('status_ok'); $message = ''; $severity = \TYPO3\CMS\Reports\Status::OK; /** @var \TYPO3\CMS\Saltedpasswords\Utility\ExtensionManagerConfigurationUtility $configCheck */ $configCheck = GeneralUtility::makeInstance('TYPO3\\CMS\\Saltedpasswords\\Utility\\ExtensionManagerConfigurationUtility'); $message = '<p>' . $GLOBALS['LANG']->getLL('status_saltedPasswords_infoText') . '</p>'; $messageDetail = ''; $flashMessage = $configCheck->checkConfigurationBackend(array(), new \TYPO3\CMS\Core\TypoScript\ConfigurationForm()); if (strpos($flashMessage, 'message-error') !== FALSE) { $value = $GLOBALS['LANG']->getLL('status_insecure'); $severity = \TYPO3\CMS\Reports\Status::ERROR; $messageDetail .= $flashMessage; } if (strpos($flashMessage, 'message-warning') !== FALSE) { $severity = \TYPO3\CMS\Reports\Status::WARNING; $messageDetail .= $flashMessage; } if (strpos($flashMessage, 'message-information') !== FALSE) { $messageDetail .= $flashMessage; } $unsecureUserCount = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getNumberOfBackendUsersWithInsecurePassword(); if ($unsecureUserCount > 0) { $value = $GLOBALS['LANG']->getLL('status_insecure'); $severity = \TYPO3\CMS\Reports\Status::ERROR; $messageDetail .= '<div class="typo3-message message-warning">' . $GLOBALS['LANG']->getLL('status_saltedPasswords_notAllPasswordsHashed') . '</div>'; } $message .= $messageDetail; if (empty($messageDetail)) { $message = ''; } return GeneralUtility::makeInstance('TYPO3\\CMS\\Reports\\Status', $GLOBALS['LANG']->getLL('status_saltedPasswords'), $value, $message, $severity); }
/** * @test */ public function resettingFactoryInstanceSucceeds() { $defaultClassNameToUse = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getDefaultSaltingHashingMethod(); if ($defaultClassNameToUse == 'TYPO3\\CMS\\Saltedpasswords\\Salt\\Md5Salt') { $saltedPW = '$P$CWF13LlG/0UcAQFUjnnS4LOqyRW43c.'; } else { $saltedPW = '$1$rasmusle$rISCgZzpwk3UhDidwXvin0'; } $this->objectInstance = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($saltedPW); // resetting $this->objectInstance = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL); $this->assertTrue(get_class($this->objectInstance) == $defaultClassNameToUse || is_subclass_of($this->objectInstance, $defaultClassNameToUse)); }
function setPassword($password) { $this->data['password'] = $password; $this->data['tx_mmforum_md5'] = md5($password); $objPHPass = null; if (ExtensionManagementUtility::isLoaded('t3sec_saltedpw')) { require_once ExtensionManagementUtility::extPath('t3sec_saltedpw') . 'res/staticlib/class.tx_t3secsaltedpw_div.php'; if (tx_t3secsaltedpw_div::isUsageEnabled()) { require_once ExtensionManagementUtility::extPath('t3sec_saltedpw') . 'res/lib/class.tx_t3secsaltedpw_phpass.php'; $objPHPass = GeneralUtility::makeInstance('tx_t3secsaltedpw_phpass'); } } if (!$objPHPass && ExtensionManagementUtility::isLoaded('saltedpasswords')) { if (SaltedPasswordsUtility::isUsageEnabled()) { $objPHPass = GeneralUtility::makeInstance(SaltedPasswordsUtility::getDefaultSaltingHashingMethod()); } } if ($objPHPass) { $this->data['password'] = $objPHPass->getHashedPassword($password); } else { if (ExtensionManagementUtility::isLoaded('kb_md5fepw')) { //if kb_md5fepw is installed, crypt password $this->data['password'] = md5($password); } } }
/** * Function uses Portable PHP Hashing Framework to create a proper password string if needed * * @param mixed $value The value that has to be checked. * @param string $is_in Is-In String * @param integer $set Determines if the field can be set (value correct) or not, e.g. if input is required but the value is empty, then $set should be set to FALSE. (PASSED BY REFERENCE!) * @return string The new value of the field */ public function evaluateFieldValue($value, $is_in, &$set) { $confArr = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['be_secure_pw']); // create tce object for logging /** @var \TYPO3\CMS\Core\DataHandling\DataHandler $tce */ $tce = Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\DataHandling\\DataHandler'); $tce->BE_USER = $GLOBALS['BE_USER']; // get the languages from ext /** @var \TYPO3\CMS\Lang\LanguageService $languageService */ $languageService = Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Lang\\LanguageService'); $languageService->init($tce->BE_USER->uc['lang']); $languageService->includeLLFile('EXT:be_secure_pw/Resources/Private/Language/locallang.xml'); /** @var boolean $noMD5 return variable as md5 hash if saltedpasswords isn't enabled */ $noMD5 = FALSE; $set = TRUE; if (Utility\ExtensionManagementUtility::isLoaded('saltedpasswords')) { if (SaltedPasswordsUtility::isUsageEnabled('BE')) { $noMD5 = TRUE; } } $isMD5 = preg_match('/[0-9abcdef]{32,32}/', $value); // if $value is a md5 hash, return the value directly if ($isMD5 && $noMD5) { return $value; } // check for password length $passwordLength = (int) $confArr['passwordLength']; if ($confArr['passwordLength'] && $passwordLength) { if (strlen($value) < $confArr['passwordLength']) { $set = FALSE; /* password too short */ $tce->log('be_users', 0, 5, 0, 1, $languageService->getLL('shortPassword'), FALSE, array($passwordLength)); } } $counter = 0; $notUsed = array(); // check for lowercase characters if ($confArr['lowercaseChar']) { if (preg_match("/[a-z]/", $value) > 0) { $counter++; } else { $notUsed[] = $languageService->getLL('lowercaseChar'); } } // check for capital characters if ($confArr['capitalChar']) { if (preg_match("/[A-Z]/", $value) > 0) { $counter++; } else { $notUsed[] = $languageService->getLL('capitalChar'); } } // check for digits if ($confArr['digit']) { if (preg_match("/[0-9]/", $value) > 0) { $counter++; } else { $notUsed[] = $languageService->getLL('digit'); } } // check for special characters if ($confArr['specialChar']) { if (preg_match("/[^0-9a-z]/i", $value) > 0) { $counter++; } else { $notUsed[] = $languageService->getLL('specialChar'); } } if ($counter < $confArr['patterns']) { /* password does not fit all conventions */ $ignoredPatterns = $confArr['patterns'] - $counter; $additional = ''; $set = FALSE; if (is_array($notUsed) && sizeof($notUsed) > 0) { if (sizeof($notUsed) > 1) { $additional = sprintf($languageService->getLL('notUsedConventions'), implode(', ', $notUsed)); } else { $additional = sprintf($languageService->getLL('notUsedConvention'), $notUsed[0]); } } if ($ignoredPatterns >= 1) { $tce->log('be_users', 0, 5, 0, 1, $languageService->getLL('passwordConvention') . $additional, FALSE, array($ignoredPatterns)); } } /* no problems */ if ($set) { if ($noMD5) { return $value; } return md5($value); } // if password not valid return empty password return ''; }
public function getHashedPassword($password) { $objPHPass = null; if (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('t3sec_saltedpw')) { require_once \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::extPath('t3sec_saltedpw') . 'res/staticlib/class.tx_t3secsaltedpw_div.php'; if (tx_t3secsaltedpw_div::isUsageEnabled()) { require_once \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::extPath('t3sec_saltedpw') . 'res/lib/class.tx_t3secsaltedpw_phpass.php'; $objPHPass = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('tx_t3secsaltedpw_phpass'); } } if (!$objPHPass && \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('saltedpasswords')) { if (\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled()) { $objPHPass = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getDefaultSaltingHashingMethod()); } } if ($objPHPass) { $password = $objPHPass->getHashedPassword($password); } else { if (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('kb_md5fepw')) { //if kb_md5fepw is installed, crypt password $password = md5($password); } } return $password; }
/** * Checks whether salted Passwords are configured or not. * * @return \TYPO3\CMS\Reports\Status An object representing the security of the saltedpassswords extension */ protected function getSaltedPasswordsStatus() { $value = $GLOBALS['LANG']->getLL('status_ok'); $severity = \TYPO3\CMS\Reports\Status::OK; /** @var \TYPO3\CMS\Saltedpasswords\Utility\ExtensionManagerConfigurationUtility $configCheck */ $configCheck = GeneralUtility::makeInstance(\TYPO3\CMS\Saltedpasswords\Utility\ExtensionManagerConfigurationUtility::class); $message = '<p>' . $GLOBALS['LANG']->getLL('status_saltedPasswords_infoText') . '</p>'; $messageDetail = ''; $resultCheck = $configCheck->checkConfigurationBackend(array(), new \TYPO3\CMS\Core\TypoScript\ConfigurationForm()); switch ($resultCheck['errorType']) { case FlashMessage::INFO: $messageDetail .= $resultCheck['html']; break; case FlashMessage::WARNING: $severity = \TYPO3\CMS\Reports\Status::WARNING; $messageDetail .= $resultCheck['html']; break; case FlashMessage::ERROR: $value = $GLOBALS['LANG']->getLL('status_insecure'); $severity = \TYPO3\CMS\Reports\Status::ERROR; $messageDetail .= $resultCheck['html']; break; default: } $unsecureUserCount = SaltedPasswordsUtility::getNumberOfBackendUsersWithInsecurePassword(); if ($unsecureUserCount > 0) { $value = $GLOBALS['LANG']->getLL('status_insecure'); $severity = \TYPO3\CMS\Reports\Status::ERROR; $messageDetail .= '<div class="panel panel-warning">' . '<div class="panel-body">' . $GLOBALS['LANG']->getLL('status_saltedPasswords_notAllPasswordsHashed') . '</div>' . '</div>'; } $message .= $messageDetail; if (empty($messageDetail)) { $message = ''; } return GeneralUtility::makeInstance(\TYPO3\CMS\Reports\Status::class, $GLOBALS['LANG']->getLL('status_saltedPasswords'), $value, $message, $severity); }
/** * Hash a password from $user->getPassword() * * @param FrontendUser $user * @param string $method "md5" or "sha1" * @return void */ public static function hashPassword(&$user, $method) { switch ($method) { case 'md5': $user->setPassword(md5($user->getPassword())); break; case 'sha1': $user->setPassword(sha1($user->getPassword())); break; default: if (ExtensionManagementUtility::isLoaded('saltedpasswords')) { if (SaltedPasswordsUtility::isUsageEnabled('FE')) { $objInstanceSaltedPw = SaltFactory::getSaltingInstance(); $user->setPassword($objInstanceSaltedPw->getHashedPassword($user->getPassword())); } } } }
private function isOldPasswordCorrect() { // Check old password $password = $GLOBALS['TYPO3_DB']->exec_SELECTgetSingleRow('password', 'fe_users', 'uid = ' . $this->config['userid'] . ' AND pid IN (' . $this->conf['pidList'] . ')'); $password = current($password); if (ExtensionManagementUtility::isLoaded('saltedpasswords') && SaltedPasswordsUtility::isUsageEnabled('FE')) { $instanceSalted = SaltFactory::getSaltingInstance(); } if ($instanceSalted && $instanceSalted->isValidSaltedPW($password)) { if (!$instanceSalted->checkPassword($this->piVars['oldpassword'], $password)) { return false; } } else { if (ExtensionManagementUtility::isLoaded('kb_md5fepw')) { if (strcmp(md5($this->piVars['oldpassword']), $password) != 0) { return false; } } else { if (strcmp($this->piVars['oldpassword'], $password) != 0) { return false; } } } return true; }
/** * Check and validate field of type "input" * * @param string $field * @param string|array $val * @return string */ public function checkFieldFromTcaInput($field, $val) { $config = $this->getFieldConfig($field); if (\TYPO3\CMS\Core\Utility\GeneralUtility::inList($config['eval'], 'password')) { if (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('saltedpasswords') && $GLOBALS['TYPO3_CONF_VARS']['FE']['loginSecurityLevel']) { $saltedpasswords = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::returnExtConf(); if ($saltedpasswords['enabled']) { $txSaltedpasswords = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance($saltedpasswords['saltedPWHashingMethod']); $val = $txSaltedpasswords->getHashedPassword($val); } } } return $val; }
/** * Returns the current context. * * @param \Aimeos\MW\Config\Iface Configuration object * @return MShop_Context_Item_Interface Context object */ public static function getContext(\Aimeos\MW\Config\Iface $config) { if (self::$context === null) { $context = new \Aimeos\MShop\Context\Item\Typo3(); $context->setConfig($config); $dbm = new \Aimeos\MW\DB\Manager\PDO($config); $context->setDatabaseManager($dbm); $fsm = new \Aimeos\MW\Filesystem\Manager\Standard($config); $context->setFilesystemManager($fsm); $logger = \Aimeos\MAdmin\Log\Manager\Factory::createManager($context); $context->setLogger($logger); $cache = self::getCache($context); $context->setCache($cache); $mailer = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Mail\\MailMessage'); $context->setMail(new \Aimeos\MW\Mail\Typo3($mailer)); if (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('saltedpasswords') && \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled('FE')) { $object = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(); $context->setHasherTypo3($object); } if (isset($GLOBALS['TSFE']->fe_user)) { $session = new \Aimeos\MW\Session\Typo3($GLOBALS['TSFE']->fe_user); } else { $session = new \Aimeos\MW\Session\None(); } $context->setSession($session); self::$context = $context; } self::$context->setConfig($config); return self::$context; }
/** * Encrypt the password * * @param string $password * @param array $settings * @return string */ public static function encryptPassword($password, $settings) { if (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('saltedpasswords') && \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled('FE')) { $saltObject = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(null); if (is_object($saltObject)) { $password = $saltObject->getHashedPassword($password); } } elseif ($settings['encryptPassword'] === 'md5') { $password = md5($password); } elseif ($settings['encryptPassword'] === 'sha1') { $password = sha1($password); } return $password; }
/** * Checks the login data with the user record data for builtin login method. * * @param array $user User data array * @param array $loginData Login data array * @param string $passwordCompareStrategy Password compare strategy * @return bool TRUE if login data matched */ public function compareUident(array $user, array $loginData, $passwordCompareStrategy = '') { $validPasswd = FALSE; $password = $loginData['uident_text']; // Determine method used for given salted hashed password $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($user['password']); // Existing record is in format of Salted Hash password if (is_object($this->objInstanceSaltedPW)) { $validPasswd = $this->objInstanceSaltedPW->checkPassword($password, $user['password']); // Record is in format of Salted Hash password but authentication failed // skip further authentication methods if (!$validPasswd) { $this->authenticationFailed = TRUE; } $defaultHashingClassName = \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::getDefaultSaltingHashingMethod(); $skip = FALSE; // Test for wrong salted hashing method if ($validPasswd && !(get_class($this->objInstanceSaltedPW) == $defaultHashingClassName) || is_subclass_of($this->objInstanceSaltedPW, $defaultHashingClassName)) { // Instanciate default method class $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL); $this->updatePassword((int) $user['uid'], array('password' => $this->objInstanceSaltedPW->getHashedPassword($password))); } if ($validPasswd && !$skip && $this->objInstanceSaltedPW->isHashUpdateNeeded($user['password'])) { $this->updatePassword((int) $user['uid'], array('password' => $this->objInstanceSaltedPW->getHashedPassword($password))); } } elseif (!(int) $this->extConf['forceSalted']) { // Stored password is in deprecated salted hashing method if (\TYPO3\CMS\Core\Utility\GeneralUtility::inList('C$,M$', substr($user['password'], 0, 2))) { // Instanciate default method class $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(substr($user['password'], 1)); // md5 if ($user['password'][0] === 'M') { $validPasswd = $this->objInstanceSaltedPW->checkPassword(md5($password), substr($user['password'], 1)); } else { $validPasswd = $this->objInstanceSaltedPW->checkPassword($password, substr($user['password'], 1)); } // Skip further authentication methods if (!$validPasswd) { $this->authenticationFailed = TRUE; } } elseif (preg_match('/[0-9abcdef]{32,32}/', $user['password'])) { $validPasswd = md5($password) === (string) $user['password']; // Skip further authentication methods if (!$validPasswd) { $this->authenticationFailed = TRUE; } } else { $validPasswd = (string) $password === (string) $user['password']; } // Should we store the new format value in DB? if ($validPasswd && (int) $this->extConf['updatePasswd']) { // Instanciate default method class $this->objInstanceSaltedPW = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL); $this->updatePassword((int) $user['uid'], array('password' => $this->objInstanceSaltedPW->getHashedPassword($password))); } } return $validPasswd; }
/** * Hash password with saltedpassword extension * * @param string $password Password * * @return string */ protected function getHashedSaltedPassword($password) { if (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('saltedpasswords') && \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled('FE')) { $objSalt = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(NULL); if (is_object($objSalt)) { $password = $objSalt->getHashedPassword($password); } } return $password; }
/** * Returns the current context. * * @param \MW_Config_Interface Configuration object * @return MShop_Context_Item_Interface Context object */ public static function getContext(\MW_Config_Interface $config) { if (self::$context === null) { $context = new \MShop_Context_Item_Typo3(); $context->setConfig($config); $dbm = new \MW_DB_Manager_PDO($config); $context->setDatabaseManager($dbm); $logger = \MAdmin_Log_Manager_Factory::createManager($context); $context->setLogger($logger); $cache = self::getCache($context); $context->setCache($cache); $mailer = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Mail\\MailMessage'); $context->setMail(new \MW_Mail_Typo3($mailer)); if (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('saltedpasswords') && \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::isUsageEnabled('FE')) { $object = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(); $context->setHasherTypo3($object); } if (isset($GLOBALS['TSFE']->fe_user)) { $session = new \MW_Session_Typo3($GLOBALS['TSFE']->fe_user); } else { $session = new \MW_Session_None(); } $context->setSession($session); self::$context = $context; } self::$context->setConfig($config); return self::$context; }
/** * @test */ public function doesReturnExtConfReturnMergedSettingsIfExtensionConfigurationIsFound() { $setting = array('setting' => 1); $GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['saltedpasswords'] = serialize(array('TEST_MODE.' => $setting)); $this->assertEquals(array_merge(\TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::returnExtConfDefaults(), $setting), \TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility::returnExtConf('TEST_MODE')); }