
Bug #21568 » 0012612.patch

Administrator Admin, 2009-11-17 14:41


t3lib/config_default.php (Arbeitskopie)
'BackendLogin::logout' => 'typo3/classes/class.ajaxlogin.php:AjaxLogin->logout',
'BackendLogin::refreshLogin' => 'typo3/classes/class.ajaxlogin.php:AjaxLogin->refreshLogin',
'BackendLogin::isTimedOut' => 'typo3/classes/class.ajaxlogin.php:AjaxLogin->isTimedOut',
'BackendLogin::getChallenge' => 'typo3/classes/class.ajaxlogin.php:AjaxLogin->getChallenge',
'WorkspaceMenu::toggleWorkspacePreview' => 'typo3/classes/class.workspaceselector.php:WorkspaceSelector->toggleWorkspacePreview',
'WorkspaceMenu::setWorkspace' => 'typo3/classes/class.workspaceselector.php:WorkspaceSelector->setWorkspace'
),
typo3/js/loginrefresh.js (Arbeitskopie)
inputType: "hidden",
name: "challenge",
id: "challenge",
value: TYPO3.configuration.challenge
value: ''
}
],
keys:({
key: Ext.EventObject.ENTER,
fn: this.submitForm,
fn: this.triggerSubmitForm,
scope: this
}),
buttons: [{
text: TYPO3.LLL.core.refresh_login_button,
formBind: true,
handler: this.submitForm
handler: this.triggerSubmitForm
}, {
text: TYPO3.LLL.core.refresh_logout_button,
formBind: true,
......
Ext.TaskMgr.stop(this.loadingTask);
},
submitForm: function() {
submitForm: function(challenge) {
var form = Ext.getCmp("loginform").getForm();
var fields = form.getValues();
if (fields.p_field === "") {
......
fields.p_field = MD5(fields.p_field);
}
if (TS.securityLevel == "superchallenged" || TS.securityLevel == "challenged") {
fields.userident = MD5(fields.username + ":" + fields.p_field + ":" + fields.challenge);
fields.challenge = challenge;
fields.userident = MD5(fields.username + ":" + fields.p_field + ":" + challenge);
} else {
fields.userident = fields.p_field;
}
......
}
});
}
},
triggerSubmitForm: function() {
if (TS.securityLevel == 'superchallenged' || TS.securityLevel == 'challenged') {
Ext.Ajax.request({
url: 'ajax.php',
params: {
'ajaxID': 'BackendLogin::getChallenge',
'skipSessionUpdate': 1
},
method: 'GET',
success: function(response) {
var result = Ext.util.JSON.decode(response.responseText);
if (result.challenge) {
Ext.getCmp('challenge').value = result.challenge;
TYPO3.loginRefresh.submitForm(result.challenge);
}
},
scope: this
});
} else {
this.submitForm();
}
}
});
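Review bot: `triggerSubmitForm` has no path for a failed or empty challenge response: the `Ext.Ajax.request` call defines only `success`, and inside it `if (result.challenge)` has no `else`, so when the request errors or the reply carries no challenge the refresh dialog does nothing and the user gets no indication. Add a `failure:` callback and an `else` branch that report the problem the same way a rejected login is reported (that code sits in the elided part of `submitForm`). `Ext.util.JSON.decode(response.responseText)` also runs unguarded, so a non-JSON reply such as an error page would presumably throw inside the callback. Since `scope: this` is already passed, `this.submitForm(result.challenge)` would be more consistent than going through `TYPO3.loginRefresh`, assuming `this` is that object.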
typo3/classes/class.ajaxlogin.php (Arbeitskopie)
$ajaxObj->addContent('login', array('success' => FALSE, 'error' => 'No BE_USER object'));
}
}
/**
* Gets a MD5 challenge.
*
* @param array $parameters: Parameters (not used)
* @param TYPO3AJAX $parent: The calling parent AJAX object
* @return void
*/
public function getChallenge(array $parameters, TYPO3AJAX $parent) {
session_start();
$_SESSION['login_challenge'] = md5(uniqid('') . getmypid());
session_commit();
$parent->addContent('challenge', $_SESSION['login_challenge']);
$parent->setContentFormat('json');
}
}
if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/classes/class.ajaxlogin.php']) {
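Review bot: The challenge in `getChallenge()` is `md5(uniqid('') . getmypid())`, which is built only from the current time and the process ID, so its value is guessable rather than random; hashing it with MD5 adds no entropy. A login nonce should come from a cryptographically secure source, e.g. `$_SESSION['login_challenge'] = bin2hex(random_bytes(16));` where the PHP version provides it, or the platform's secure random source otherwise. The same expression appears in the typo3/backend.php section, so this looks like a carried-over weakness rather than a new one, but moving the code is a good moment to fix it. Whether the stored challenge is discarded after one verification attempt is not visible here and is worth confirming, since challenges are now issued on demand.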
typo3/backend.php (Arbeitskopie)
$menuFrameName = 'topmenuFrame';
}
// create challenge for the (re)login form and save it in the session.
$challenge = md5(uniqid('').getmypid());
session_start();
$_SESSION['login_challenge'] = $challenge;
// determine security level from conf vars and default to super challenged
if ($GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel']) {
$this->loginSecurityLevel = $GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel'];
......
'username' => htmlspecialchars($GLOBALS['BE_USER']->user['username']),
'uniqueID' => t3lib_div::shortMD5(uniqid('')),
'securityLevel' => $this->loginSecurityLevel,
'challenge' => $challenge,
'TYPO3_mainDir' => TYPO3_mainDir,
'pageModule' => $pageModule,
'condensedMode' => $GLOBALS['BE_USER']->uc['condensedMode'] ? 1 : 0 ,
typo3/ajax.php (Arbeitskopie)
'BackendLogin::login',
'BackendLogin::logout',
'BackendLogin::refreshLogin',
'BackendLogin::isTimedOut'
'BackendLogin::isTimedOut',
'BackendLogin::getChallenge',
);
// if we're trying to do an ajax login, don't require a user.
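Review bot: Adding `'BackendLogin::getChallenge'` to this list makes the handler reachable without a backend user, and that handler calls `session_start()` and writes `$_SESSION['login_challenge']`, so any anonymous request creates or modifies a PHP session. That is needed for re-login after a timeout, but the list deserves a comment stating the contract, e.g. `// IDs below are served without a logged-in user; handlers must be safe for anonymous callers and must not rely on BE_USER`. The array and the check that consumes it continue outside this section.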