Bug #21568 » 0012612.patch
t3lib/config_default.php (Arbeitskopie) | ||
---|---|---|
'BackendLogin::logout' => 'typo3/classes/class.ajaxlogin.php:AjaxLogin->logout',
|
||
'BackendLogin::refreshLogin' => 'typo3/classes/class.ajaxlogin.php:AjaxLogin->refreshLogin',
|
||
'BackendLogin::isTimedOut' => 'typo3/classes/class.ajaxlogin.php:AjaxLogin->isTimedOut',
|
||
'BackendLogin::getChallenge' => 'typo3/classes/class.ajaxlogin.php:AjaxLogin->getChallenge',
|
||
'WorkspaceMenu::toggleWorkspacePreview' => 'typo3/classes/class.workspaceselector.php:WorkspaceSelector->toggleWorkspacePreview',
|
||
'WorkspaceMenu::setWorkspace' => 'typo3/classes/class.workspaceselector.php:WorkspaceSelector->setWorkspace'
|
||
),
|
typo3/js/loginrefresh.js (Arbeitskopie) | ||
---|---|---|
inputType: "hidden",
|
||
name: "challenge",
|
||
id: "challenge",
|
||
value: TYPO3.configuration.challenge
|
||
value: ''
|
||
}
|
||
],
|
||
keys:({
|
||
key: Ext.EventObject.ENTER,
|
||
fn: this.submitForm,
|
||
fn: this.triggerSubmitForm,
|
||
scope: this
|
||
}),
|
||
buttons: [{
|
||
text: TYPO3.LLL.core.refresh_login_button,
|
||
formBind: true,
|
||
handler: this.submitForm
|
||
handler: this.triggerSubmitForm
|
||
}, {
|
||
text: TYPO3.LLL.core.refresh_logout_button,
|
||
formBind: true,
|
||
... | ... | |
Ext.TaskMgr.stop(this.loadingTask);
|
||
},
|
||
|
||
submitForm: function() {
|
||
submitForm: function(challenge) {
|
||
var form = Ext.getCmp("loginform").getForm();
|
||
var fields = form.getValues();
|
||
if (fields.p_field === "") {
|
||
... | ... | |
fields.p_field = MD5(fields.p_field);
|
||
}
|
||
if (TS.securityLevel == "superchallenged" || TS.securityLevel == "challenged") {
|
||
fields.userident = MD5(fields.username + ":" + fields.p_field + ":" + fields.challenge);
|
||
fields.challenge = challenge;
|
||
fields.userident = MD5(fields.username + ":" + fields.p_field + ":" + challenge);
|
||
} else {
|
||
fields.userident = fields.p_field;
|
||
}
|
||
... | ... | |
}
|
||
});
|
||
}
|
||
},
|
||
triggerSubmitForm: function() {
|
||
if (TS.securityLevel == 'superchallenged' || TS.securityLevel == 'challenged') {
|
||
Ext.Ajax.request({
|
||
url: 'ajax.php',
|
||
params: {
|
||
'ajaxID': 'BackendLogin::getChallenge',
|
||
'skipSessionUpdate': 1
|
||
},
|
||
method: 'GET',
|
||
success: function(response) {
|
||
var result = Ext.util.JSON.decode(response.responseText);
|
||
if (result.challenge) {
|
||
Ext.getCmp('challenge').value = result.challenge;
|
||
TYPO3.loginRefresh.submitForm(result.challenge);
|
||
}
|
||
},
|
||
scope: this
|
||
});
|
||
} else {
|
||
this.submitForm();
|
||
}
|
||
}
|
||
|
||
});
|
||
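Review bot: In `triggerSubmitForm` the non-challenged branch calls `this.submitForm()`, but the button is registered as `handler: this.triggerSubmitForm` with no `scope` visible in this section (only the `keys` entry sets `scope: this`). On a button click `this` is therefore probably the button rather than the login-refresh object, and the call would fail. Using `TYPO3.loginRefresh.submitForm();` there, as the success callback already does, or adding `scope: this` to the button config, would make both paths behave the same. The `Ext.Ajax.request` also has no `failure` callback and no branch for a response without `challenge`, so a failed challenge fetch leaves the form doing nothing with no message to the user. Parts of `submitForm` are elided on this page, so this is based on the visible lines only.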
typo3/classes/class.ajaxlogin.php (Arbeitskopie) | ||
---|---|---|
$ajaxObj->addContent('login', array('success' => FALSE, 'error' => 'No BE_USER object'));
|
||
}
|
||
}
|
||
/**
|
||
* Gets a MD5 challenge.
|
||
*
|
||
* @param array $parameters: Parameters (not used)
|
||
* @param TYPO3AJAX $parent: The calling parent AJAX object
|
||
* @return void
|
||
*/
|
||
public function getChallenge(array $parameters, TYPO3AJAX $parent) {
|
||
session_start();
|
||
$_SESSION['login_challenge'] = md5(uniqid('') . getmypid());
|
||
session_commit();
|
||
$parent->addContent('challenge', $_SESSION['login_challenge']);
|
||
$parent->setContentFormat('json');
|
||
}
|
||
}
|
||
if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/classes/class.ajaxlogin.php']) {
|
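Review bot: The nonce in `getChallenge()` is `md5(uniqid('') . getmypid())`, which is built from the current time and the process id, so it is predictable rather than random. A login challenge should come from a cryptographically secure source, for example `$_SESSION['login_challenge'] = bin2hex(t3lib_div::generateRandomBytes(16));` if that helper is available in this branch. The docblock could also state that the method is callable without a backend user and that each call replaces the challenge stored in the session. The code that verifies and discards the challenge is not on this page, so it is worth confirming that a challenge is accepted only once.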
typo3/backend.php (Arbeitskopie) | ||
---|---|---|
$menuFrameName = 'topmenuFrame';
|
||
}
|
||
// create challenge for the (re)login form and save it in the session.
|
||
$challenge = md5(uniqid('').getmypid());
|
||
session_start();
|
||
$_SESSION['login_challenge'] = $challenge;
|
||
// determine security level from conf vars and default to super challenged
|
||
if ($GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel']) {
|
||
$this->loginSecurityLevel = $GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel'];
|
||
... | ... | |
'username' => htmlspecialchars($GLOBALS['BE_USER']->user['username']),
|
||
'uniqueID' => t3lib_div::shortMD5(uniqid('')),
|
||
'securityLevel' => $this->loginSecurityLevel,
|
||
'challenge' => $challenge,
|
||
'TYPO3_mainDir' => TYPO3_mainDir,
|
||
'pageModule' => $pageModule,
|
||
'condensedMode' => $GLOBALS['BE_USER']->uc['condensedMode'] ? 1 : 0 ,
|
typo3/ajax.php (Arbeitskopie) | ||
---|---|---|
'BackendLogin::login',
|
||
'BackendLogin::logout',
|
||
'BackendLogin::refreshLogin',
|
||
'BackendLogin::isTimedOut'
|
||
'BackendLogin::isTimedOut',
|
||
'BackendLogin::getChallenge',
|
||
);
|
||
// if we're trying to do an ajax login, don't require a user.
|
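Review bot: Adding `'BackendLogin::getChallenge'` to this list makes the handler reachable without a logged-in backend user. The handler shown in class.ajaxlogin.php starts a PHP session and overwrites `$_SESSION['login_challenge']` on every GET request. The re-login flow appears to need this, but it deserves a comment next to the entry, such as `// getChallenge must work without a BE user: it issues the nonce for the relogin form`. Because anyone can call the endpoint, it should stay cheap and do nothing beyond issuing the nonce. The array's declaration and the code that consumes it are outside this section.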