/typo3/sysext/sv/class.tx_sv_loginformhook.php
PHP | 122 lines | 53 code | 13 blank | 56 comment | 7 complexity | f310e68b2269806d63dd352130ebffc0 MD5 | raw file
Possible License(s): Apache-2.0
- <?php
- /***************************************************************
- * Copyright notice
- *
- * (c) 2009-2010 Dmitry Dulepov <dmitry@typo3.org>
- * All rights reserved
- *
- * This script is part of the TYPO3 project. The TYPO3 project is
- * free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * The GNU General Public License can be found at
- * http://www.gnu.org/copyleft/gpl.html.
- *
- * This script is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * This copyright notice MUST APPEAR in all copies of the script!
- ***************************************************************/
- /**
- * [CLASS/FUNCTION INDEX of SCRIPT]
- *
- * $Id$
- */
- /**
- * This class contains a BE login form hook. It adds all necessary JavaScript
- * for the superchallenged authentication.
- *
- * @author Dmitry Dulepov <dmitry@typo3.org>
- * @package TYPO3
- * @subpackage tx_sv
- */
- class tx_sv_loginformhook {
- /**
- * Provides form code for the superchallenged authentication.
- *
- * @param array $params Parameters to the script
- * @param SC_index $pObj Calling object
- * @return string The code for the login form
- */
- public function getLoginFormTag(array $params, SC_index &$pObj) {
- // Get the code according to the login level
- switch ($pObj->loginSecurityLevel) {
- case 'challenged':
- case 'superchallenged':
- $_SESSION['login_challenge'] = $this->getChallenge();
- $content = '<form action="index.php" method="post" name="loginform" ' .
- 'onsubmit="doChallengeResponse(' .
- ($pObj->loginSecurityLevel == 'challenged' ? 0 : 1) . ');">' .
- '<input type="hidden" name="challenge" value="' .
- htmlspecialchars($_SESSION['login_challenge']) . '" />';
- break;
- case 'normal':
- $content = '<form action="index.php" method="post" name="loginform" onsubmit="document.loginform.userident.value=document.loginform.p_field.value;document.loginform.p_field.value=\'\';return true;">';
- break;
- default:
- // No code for unknown level!
- $content = '';
- }
- return $content;
- }
- /**
- * Provides form code for the superchallenged authentication.
- *
- * @param array $params Parameters to the script
- * @param SC_index $pObj Calling object
- * @return string The code for the login form
- */
- public function getLoginScripts(array $params, SC_index &$pObj) {
- $content = '';
- if ($pObj->loginSecurityLevel == 'superchallenged' ||
- $pObj->loginSecurityLevel == 'challenged') {
- $content = '
- <script type="text/javascript" src="md5.js"></script>
- ' . $GLOBALS['TBE_TEMPLATE']->wrapScriptTags('
- function doChallengeResponse(superchallenged) { //
- password = document.loginform.p_field.value;
- if (password) {
- if (superchallenged) {
- password = MD5(password); // this makes it superchallenged!!
- }
- str = document.loginform.username.value+":"+password+":"+document.loginform.challenge.value;
- document.loginform.userident.value = MD5(str);
- document.loginform.p_field.value = "";
- return true;
- }
- }
- ');
- }
- return $content;
- }
- /**
- * Create a random challenge string
- *
- * @return string Challenge value
- */
- protected function getChallenge() {
- $challenge = md5(uniqid('') . getmypid());
- return $challenge;
- }
- }
- if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/sv/class.tx_sv_loginformhook.php']) {
- include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/sv/class.tx_sv_loginformhook.php']);
- }
- ?>