2 namespace TYPO3\CMS\Install\Controller;
44 protected function isInstallToolAvailable()
47 $installToolEnableService = $this->objectManager->get(\TYPO3\CMS\Install\Service\EnableFileService::class);
48 if ($installToolEnableService->isFirstInstallAllowed()) {
51 return $installToolEnableService->checkInstallToolEnableFile();
63 protected function outputInstallToolNotEnabledMessageIfNeeded()
65 if (!$this->isInstallToolAvailable()) {
68 $action = $this->objectManager->get(\TYPO3\CMS\Install\Controller\Action\Common\FirstInstallAction::class);
69 $action->setAction(
'firstInstall');
72 $action = $this->objectManager->get(\TYPO3\CMS\Install\Controller\Action\Common\InstallToolDisabledAction::class);
73 $action->setAction(
'installToolDisabled');
75 $action->setController(
'common');
76 $this->
output($action->handle());
86 protected function outputInstallToolPasswordNotSetMessageIfNeeded()
88 if (!$this->isInitialInstallationInProgress()
89 && (empty(
$GLOBALS[
'TYPO3_CONF_VARS'][
'BE'][
'installToolPassword']))
92 $action = $this->objectManager->get(\TYPO3\CMS\Install\Controller\Action\Common\InstallToolPasswordNotSetAction::class);
93 $action->setController(
'common');
94 $action->setAction(
'installToolPasswordNotSet');
95 $this->
output($action->handle());
105 protected function checkSessionToken()
109 if (!empty($postValues)) {
111 if (isset($postValues[
'token'])) {
113 $formProtection = \TYPO3\CMS\Core\FormProtection\FormProtectionFactory::get(
114 \TYPO3\CMS\Core\FormProtection\InstallToolFormProtection::class
117 if ($action ===
'') {
119 'No POST action given for token check',
123 $tokenOk = $formProtection->validateToken($postValues[
'token'],
'installTool', $action);
129 $this->handleSessionTokenCheck($tokenOk);
140 protected function handleSessionTokenCheck($tokenOk)
143 $this->session->resetSession();
144 $this->session->startSession();
146 if ($this->isInitialInstallationInProgress()) {
150 $message = $this->objectManager->get(\TYPO3\CMS\Install\Status\ErrorStatus::class);
151 $message->setTitle(
'Invalid form token');
152 $message->setMessage(
153 'The form protection token was invalid. You have been logged out, please log in and try again.'
155 $this->
output($this->loginForm($message));
167 if ($this->session->isExpired()) {
169 $this->session->resetSession();
170 $this->session->startSession();
172 $this->handleSessionLifeTimeExpired();
182 protected function handleSessionLifeTimeExpired()
184 if ($this->isInitialInstallationInProgress()) {
188 $message = $this->objectManager->get(\TYPO3\CMS\Install\Status\ErrorStatus::class);
189 $message->setTitle(
'Session expired');
190 $message->setMessage(
191 'Your Install Tool session has expired. You have been logged out, please log in and try again.'
193 $this->
output($this->loginForm($message));
203 protected function loginForm(\TYPO3\CMS\Install\Status\StatusInterface $message = null)
206 $action = $this->objectManager->get(\TYPO3\CMS\Install\Controller\Action\Common\LoginForm::class);
207 $action->setController(
'common');
208 $action->setAction(
'login');
209 $action->setToken($this->generateTokenForAction(
'login'));
212 $action->setMessages(array($message));
214 $content = $action->handle();
223 protected function loginIfRequested()
227 if ($action ===
'login') {
229 $validPassword =
false;
230 if (isset($postValues[
'values'][
'password'])) {
231 $password = $postValues[
'values'][
'password'];
232 $installToolPassword =
$GLOBALS[
'TYPO3_CONF_VARS'][
'BE'][
'installToolPassword'];
233 $saltFactory = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($installToolPassword);
234 if (is_object($saltFactory)) {
235 $validPassword = $saltFactory->checkPassword($password, $installToolPassword);
236 }
elseif (md5($password) === $installToolPassword) {
238 $saltFactory = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(null,
'BE');
239 $configurationManager = $this->objectManager->get(\TYPO3\CMS\Core\Configuration\ConfigurationManager::class);
240 $configurationManager->setLocalConfigurationValueByPath(
241 'BE/installToolPassword',
242 $saltFactory->getHashedPassword($password)
244 $validPassword =
true;
247 if ($validPassword) {
248 $this->session->setAuthorized();
249 $this->sendLoginSuccessfulMail();
252 $saltFactory = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance(null,
'BE');
253 $hashedPassword = $saltFactory->getHashedPassword($password);
255 $message = $this->objectManager->get(\TYPO3\CMS\Install\Status\ErrorStatus::class);
256 $message->setTitle(
'Login failed');
257 $message->setMessage(
'Given password does not match the install tool login password. ' .
258 'Calculated hash: ' . $hashedPassword);
259 $this->sendLoginFailedMail();
260 $this->
output($this->loginForm($message));
273 if (!$this->session->isAuthorized()
274 && !$this->isInitialInstallationInProgress()
276 $this->
output($this->loginForm());
278 $this->session->refreshSession();
287 protected function sendLoginSuccessfulMail()
289 $warningEmailAddress =
$GLOBALS[
'TYPO3_CONF_VARS'][
'BE'][
'warning_email_addr'];
290 if ($warningEmailAddress) {
292 $mailMessage = $this->objectManager->get(\TYPO3\CMS\Core\Mail\MailMessage::class);
294 ->addTo($warningEmailAddress)
295 ->setSubject(
'Install Tool Login at \'' .
$GLOBALS[
'TYPO3_CONF_VARS'][
'SYS'][
'sitename'] .
'\'')
297 ->setBody(
'There has been an Install Tool login at TYPO3 site'
298 .
' \'' .
$GLOBALS[
'TYPO3_CONF_VARS'][
'SYS'][
'sitename'] .
'\''
311 protected function sendLoginFailedMail()
314 $warningEmailAddress =
$GLOBALS[
'TYPO3_CONF_VARS'][
'BE'][
'warning_email_addr'];
315 if ($warningEmailAddress) {
317 $mailMessage = $this->objectManager->get(\TYPO3\CMS\Core\Mail\MailMessage::class);
319 ->addTo($warningEmailAddress)
320 ->setSubject(
'Install Tool Login ATTEMPT at \'' .
$GLOBALS[
'TYPO3_CONF_VARS'][
'SYS'][
'sitename'] .
'\'')
322 ->setBody(
'There has been an Install Tool login attempt at TYPO3 site'
323 .
' \'' .
$GLOBALS[
'TYPO3_CONF_VARS'][
'SYS'][
'sitename'] .
'\''
325 .
' The last 5 characters of the MD5 hash of the password tried was \'' . substr(md5($formValues[
'password']), -5) .
'\''
339 protected function generateTokenForAction($action = null)
344 if ($action ===
'') {
346 'Token must have a valid action name',
351 $formProtection = \TYPO3\CMS\Core\FormProtection\FormProtectionFactory::get(
352 \TYPO3\CMS\Core\FormProtection\InstallToolFormProtection::class
354 return $formProtection->generateToken(
'installTool', $action);
363 protected function isInitialInstallationInProgress()
366 $configurationManager = $this->objectManager->get(\TYPO3\CMS\Core\Configuration\ConfigurationManager::class);
368 $localConfigurationFileLocation = $configurationManager->getLocalConfigurationFileLocation();
369 $localConfigurationFileExists = @is_file($localConfigurationFileLocation);
371 if (!$localConfigurationFileExists
372 || !empty(
$GLOBALS[
'TYPO3_CONF_VARS'][
'SYS'][
'isInitialInstallationInProgress'])
386 protected function initializeSession()
389 $this->session = $this->objectManager->get(\TYPO3\CMS\Install\Service\SessionService::class);
390 if (!$this->session->hasSession()) {
391 $this->session->startSession();
403 foreach ($messages as $message) {
404 $this->session->addMessage($message);
413 protected function initializeObjectManager()
427 protected function loadBaseExtensions()
430 require(\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::extPath(
'dbal') .
'ext_localconf.php');
434 require(\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::extPath(
'extbase') .
'ext_localconf.php');
436 $cacheConfigurations =
$GLOBALS[
'TYPO3_CONF_VARS'][
'SYS'][
'caching'][
'cacheConfigurations'];
438 $cacheConfigurationsWithCachesSetToNullBackend = array();
439 foreach ($cacheConfigurations as $cacheName => $cacheConfiguration) {
441 if (is_array($cacheConfiguration) && $cacheName !==
'cache_core') {
442 $cacheConfiguration[
'backend'] = NullBackend::class;
443 $cacheConfiguration[
'options'] = array();
445 $cacheConfigurationsWithCachesSetToNullBackend[$cacheName] = $cacheConfiguration;
450 $cacheManager->setCacheConfigurations($cacheConfigurationsWithCachesSetToNullBackend);
460 if (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded(
'adodb')
461 && \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded(
'dbal')
476 if (!in_array($action, $this->authenticationActions)) {
478 $action .
' is not a valid authentication action',
494 if (isset($formValues[
'action'])) {
495 $action = $formValues[
'action'];
498 && $action !==
'login'
499 && $action !==
'loginForm'
500 && $action !==
'logout'
501 && !in_array($action, $this->authenticationActions)
504 'Invalid action ' . $action,
520 if (!is_array($postValues)) {
521 $postValues = array();
534 protected function redirect($controller =
'', $action =
'')
538 $parameters = array();
541 if (isset($getPostValues[
'redirectCount'])) {
542 $redirectCount = (int)$getPostValues[
'redirectCount'] + 1;
546 if ($redirectCount >= 10) {
549 throw new Exception\RedirectLoopException(
550 'Redirect loop aborted. If this message is shown again after a reload,' .
551 ' your setup is so weird that the install tool is unable to handle it.' .
552 ' Please make sure to remove the "install[redirectCount]" parameter from your request or' .
553 ' restart the install tool from the backend navigation.',
557 $parameters[] =
'install[redirectCount]=' . $redirectCount;
560 $context =
'install[context]=standalone';
561 if (isset($getPostValues[
'context']) && $getPostValues[
'context'] ===
'backend') {
562 $context =
'install[context]=backend';
564 $parameters[] = $context;
567 $controllerParameter =
'install[controller]=step';
568 if ((isset($getPostValues[
'controller']) && $getPostValues[
'controller'] ===
'tool')
569 || $controller ===
'tool'
571 $controllerParameter =
'install[controller]=tool';
573 $parameters[] = $controllerParameter;
576 if ((
string)$action !==
'') {
577 $parameters[] =
'install[action]=' . $action;
580 $redirectLocation =
'Install.php?' . implode(
'&', $parameters);
582 \TYPO3\CMS\Core\Utility\HttpUtility::redirect(
584 \TYPO3\CMS\Core\Utility\HttpUtility::HTTP_STATUS_303
596 header(
'Content-Type: text/html; charset=utf-8');
597 header(
'Cache-Control: no-cache, must-revalidate');
598 header(
'Pragma: no-cache');
612 return !empty(
$GLOBALS[
'TYPO3_CONF_VARS'][
'MAIL'][
'defaultMailFromAddress'])
613 ?
$GLOBALS[
'TYPO3_CONF_VARS'][
'MAIL'][
'defaultMailFromAddress']
614 :
'no-reply@example.com';
626 return !empty(
$GLOBALS[
'TYPO3_CONF_VARS'][
'MAIL'][
'defaultMailFromName'])
627 ?
$GLOBALS[
'TYPO3_CONF_VARS'][
'MAIL'][
'defaultMailFromName']
628 :
'TYPO3 CMS install tool';