Feature #21423 ยป installToolLogin_ChallengeResponse.diff
| mod/class.tx_install.php (Arbeitskopie) | ||
|---|---|---|
|
function checkPassword() {
|
||
|
$p = t3lib_div::_GP('password');
|
||
|
if ($p && md5($p)==$GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword']) {
|
||
|
if ($p && $this->session->isCorrectResponse($p)) {
|
||
|
$this->session->setAuthorized();
|
||
|
// Sending warning email
|
||
| ... | ... | |
|
$this->messageFunc_nl2br=0;
|
||
|
$this->silent=0;
|
||
|
$challenge = md5(uniqid('') . getmypid());
|
||
|
$this->session->setChallenge($challenge);
|
||
|
$content = '<form action="index.php" method="post" name="passwordForm">
|
||
|
$content = '<form action="index.php" method="post" name="passwordForm" onsubmit="doChallengeResponse(1);">
|
||
|
<input type="password" name="password"><br />
|
||
|
<input type="hidden" name="redirect_url" value="'.htmlspecialchars($redirect_url).'">
|
||
|
<input type="hidden" name="challenge" value="'.$challenge.'" />
|
||
|
<input type="submit" value="Log in"><br />
|
||
|
<br />
|
||
|
'.$this->fw('The Install Tool Password is <i>not</i> the admin password of TYPO3.<br />
|
||
|
If you don\'t know the current password, you can set a new one by setting the value of $TYPO3_CONF_VARS[\'BE\'][\'installToolPassword\'] in typo3conf/localconf.php to the md5() hash value of the password you desire.'.
|
||
|
($p ? '<br /><br />The password you just tried has this md5-value: <br /><br />'.md5($p) : '')
|
||
|
).'
|
||
|
If you don\'t know the current password, you can set a new one by setting the value of $TYPO3_CONF_VARS[\'BE\'][\'installToolPassword\'] in typo3conf/localconf.php to the md5() hash value of the password you desire.').'
|
||
|
</form>
|
||
|
<script type="text/javascript">
|
||
|
<!--
|
||
| ... | ... | |
|
$this->message('Password', 'Your install tool session has expired', '', 3);
|
||
|
}
|
||
|
$this->message('Password', 'Enter the Install Tool Password', $content, 0);
|
||
|
if ($p) {
|
||
|
$this->message('Password wrong', 'The password you just have tried is wrong.', 'If you want to set the Install Tool Password then fill out above field and use the following button to show its md5-value<br /><input type="button" name="get_md5" value="Get MD5" onclick="getMD5();" /><br />Copy the shown value into the variable<br />$TYPO3_CONF_VARS[\'BE\'][\'installToolPassword\']<br />of the file "typo3conf/localconf.php"<br />', 3);
|
||
|
}
|
||
|
$this->output($this->outputWrapper($this->printAll()));
|
||
|
}
|
||
| ... | ... | |
|
<script language="javascript" type="text/javascript">alert(unescape(\'' . t3lib_div::rawUrlEncodeJS($this->JSmessage) . '\'));</script>
|
||
|
':'').'
|
||
|
<script type="text/javascript" src="../md5.js"></script>
|
||
|
<script type="text/javascript">
|
||
|
function doChallengeResponse() {
|
||
|
password = document.passwordForm.password.value;
|
||
|
if (password) {
|
||
|
password = MD5(password);
|
||
|
str = password+":"+document.passwordForm.challenge.value;
|
||
|
document.passwordForm.password.value = MD5(str);
|
||
|
return true;
|
||
|
}
|
||
|
}
|
||
|
function getMD5() {
|
||
|
password = document.passwordForm.password.value;
|
||
|
password = MD5(password);
|
||
|
prompt("Copy the following MD5 value into\nthe \"InstallToolPassword\" variable of localconf.php", password);
|
||
|
}
|
||
|
</script>
|
||
|
<script type="text/javascript" src="../contrib/prototype/prototype.js"></script>
|
||
|
</head>
|
||
|
<body>'.$this->contentBeforeTable.'
|
||
| mod/class.tx_install_session.php (Arbeitskopie) | ||
|---|---|---|
|
$this->typo3tempPath . '/' . $this->sessionPath,
|
||
|
md5(
|
||
|
'session:' .
|
||
|
$GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword']
|
||
|
$GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']
|
||
|
)
|
||
|
);
|
||
|
}
|
||
| ... | ... | |
|
if (!$sessionId) {
|
||
|
$sessionId = $this->getSessionId();
|
||
|
}
|
||
|
return md5($GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'].'|'.$sessionId);
|
||
|
return md5($GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey'].'|'.$sessionId);
|
||
|
}
|
||
|
/**
|
||
| ... | ... | |
|
}
|
||
|
/**
|
||
|
* Stores the challenge value for Install-Tool challenge/response login
|
||
|
*
|
||
|
* @return void
|
||
|
*/
|
||
|
public function setChallenge($challenge) {
|
||
|
$_SESSION['challenge'] = $challenge;
|
||
|
}
|
||
|
/**
|
||
|
* Compares the supplied challenged password to the
|
||
|
* TYPO3_CONF_VARS|BE|instalToolPassword variable and return true if
|
||
|
* response is correct
|
||
|
*
|
||
|
* @param string The response as sent by the login form
|
||
|
* @return boolean True if response is correct
|
||
|
*/
|
||
|
public function isCorrectResponse($response) {
|
||
|
$validResponse = md5($GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'].':'.$_SESSION['challenge']);
|
||
|
return strcmp($response, $validResponse)?false:true;
|
||
|
}
|
||
|
/**
|
||
|
* Check if we have an already authorized session
|
||
|
*
|
||
|
* @return boolean True if this session has been authorized before (by a correct password)
|
||
| ... | ... | |
|
include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/install/mod/class.tx_install_session.php']);
|
||
|
}
|
||
|
?>
|
||
|
?>
|
||