vendor/contao/core-bundle/src/Resources/contao/modules/ModuleLogin.php line 120

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of Contao.
  5.  *
  6.  * (c) Leo Feyer
  7.  *
  8.  * @license LGPL-3.0-or-later
  9.  */
  11. namespace Contao;
  13. use Contao\CoreBundle\Security\Exception\LockedException;
  14. use Nyholm\Psr7\Uri;
  15. use Scheb\TwoFactorBundle\Security\Authentication\Exception\InvalidTwoFactorCodeException;
  16. use Scheb\TwoFactorBundle\Security\TwoFactor\Event\TwoFactorAuthenticationEvent;
  17. use Scheb\TwoFactorBundle\Security\TwoFactor\Event\TwoFactorAuthenticationEvents;
  18. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  20. /**
  21.  * Front end module "login".
  22.  */
  23. class ModuleLogin extends Module
  24. {
  25.     /**
  26.      * Template
  27.      * @var string
  28.      */
  29.     protected $strTemplate 'mod_login';
  31.     /**
  32.      * Flash type
  33.      * @var string
  34.      */
  35.     protected $strFlashType 'contao.FE.error';
  37.     /**
  38.      * @var string
  39.      */
  40.     private $targetPath '';
  42.     /**
  43.      * Display a login form
  44.      *
  45.      * @return string
  46.      */
  47.     public function generate()
  48.     {
  49.         $request System::getContainer()->get('request_stack')->getCurrentRequest();
  51.         if ($request && System::getContainer()->get('contao.routing.scope_matcher')->isBackendRequest($request))
  52.         {
  53.             $objTemplate = new BackendTemplate('be_wildcard');
  54.             $objTemplate->wildcard '### ' $GLOBALS['TL_LANG']['FMD']['login'][0] . ' ###';
  55.             $objTemplate->title $this->headline;
  56.             $objTemplate->id $this->id;
  57.             $objTemplate->link $this->name;
  58.             $objTemplate->href StringUtil::specialcharsUrl(System::getContainer()->get('router')->generate('contao_backend', array('do'=>'themes''table'=>'tl_module''act'=>'edit''id'=>$this->id)));
  60.             return $objTemplate->parse();
  61.         }
  63.         // If the form was submitted and the credentials were wrong, take the target
  64.         // path from the submitted data as otherwise it would take the current page
  65.         if ($request && $request->isMethod('POST'))
  66.         {
  67.             $this->targetPath base64_decode($request->request->get('_target_path'));
  68.         }
  69.         elseif ($request && $this->redirectBack)
  70.         {
  71.             if ($request->query->has('redirect'))
  72.             {
  73.                 $uriSigner System::getContainer()->get('uri_signer');
  75.                 // We cannot use $request->getUri() here as we want to work with the original URI (no query string reordering)
  76.                 if ($uriSigner->check($request->getSchemeAndHttpHost() . $request->getBaseUrl() . $request->getPathInfo() . (null !== ($qs $request->server->get('QUERY_STRING')) ? '?' $qs '')))
  77.                 {
  78.                     $this->targetPath $request->query->get('redirect');
  79.                 }
  80.             }
  81.             elseif ($referer $request->headers->get('referer'))
  82.             {
  83.                 $refererUri = new Uri($referer);
  84.                 $requestUri = new Uri($request->getUri());
  86.                 // Use the HTTP referer as a fallback, but only if scheme and host matches with the current request (see #5860)
  87.                 if ($refererUri->getScheme() === $requestUri->getScheme() && $refererUri->getHost() === $requestUri->getHost() && $refererUri->getPort() === $requestUri->getPort())
  88.                 {
  89.                     $this->targetPath = (string) $refererUri;
  90.                 }
  91.             }
  92.         }
  94.         return parent::generate();
  95.     }
  97.     /**
  98.      * Generate the module
  99.      */
  100.     protected function compile()
  101.     {
  102.         /** @var PageModel $objPage */
  103.         global $objPage;
  105.         $container System::getContainer();
  106.         $request $container->get('request_stack')->getCurrentRequest();
  107.         $exception null;
  108.         $lastUsername '';
  110.         $this->Template->requestToken $container->get('contao.csrf.token_manager')->getDefaultTokenValue();
  112.         // Only call the authentication utils if there is an active session to prevent starting an empty session
  113.         if ($request && $request->hasSession() && ($request->hasPreviousSession() || $request->getSession()->isStarted()))
  114.         {
  115.             $authUtils $container->get('security.authentication_utils');
  116.             $exception $authUtils->getLastAuthenticationError();
  117.             $lastUsername $authUtils->getLastUsername();
  118.         }
  120.         $authorizationChecker $container->get('security.authorization_checker');
  122.         if ($authorizationChecker->isGranted('ROLE_MEMBER'))
  123.         {
  124.             $this->import(FrontendUser::class, 'User');
  126.             $strRedirect Environment::get('base') . Environment::get('request');
  128.             // Redirect to last page visited
  129.             if ($this->redirectBack && $this->targetPath)
  130.             {
  131.                 $strRedirect $this->targetPath;
  132.             }
  134.             // Redirect home if the page is protected
  135.             elseif ($objPage->protected)
  136.             {
  137.                 $strRedirect Environment::get('base');
  138.             }
  140.             $this->Template->logout true;
  141.             $this->Template->formId 'tl_logout_' $this->id;
  142.             $this->Template->slabel StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['logout']);
  143.             $this->Template->loggedInAs sprintf($GLOBALS['TL_LANG']['MSC']['loggedInAs'], $this->User->username);
  144.             $this->Template->action $container->get('security.logout_url_generator')->getLogoutPath();
  145.             $this->Template->targetPath StringUtil::specialchars($strRedirect);
  147.             if ($this->User->lastLogin 0)
  148.             {
  149.                 $this->Template->lastLogin sprintf($GLOBALS['TL_LANG']['MSC']['lastLogin'][1], Date::parse($objPage->datimFormat$this->User->lastLogin));
  150.             }
  152.             return;
  153.         }
  155.         if ($exception instanceof LockedException)
  156.         {
  157.             $this->Template->hasError true;
  158.             $this->Template->message sprintf($GLOBALS['TL_LANG']['ERR']['accountLocked'], $exception->getLockedMinutes());
  159.         }
  160.         elseif ($exception instanceof InvalidTwoFactorCodeException)
  161.         {
  162.             $this->Template->hasError true;
  163.             $this->Template->message $GLOBALS['TL_LANG']['ERR']['invalidTwoFactor'];
  164.         }
  165.         elseif ($exception instanceof AuthenticationException)
  166.         {
  167.             $this->Template->hasError true;
  168.             $this->Template->message $GLOBALS['TL_LANG']['ERR']['invalidLogin'];
  169.         }
  171.         $blnRedirectBack false;
  172.         $strRedirect Environment::get('base') . Environment::get('request');
  174.         // Redirect to the last page visited
  175.         if ($this->redirectBack && $this->targetPath)
  176.         {
  177.             $blnRedirectBack true;
  178.             $strRedirect $this->targetPath;
  179.         }
  181.         // Redirect to the jumpTo page
  182.         elseif (($objTarget $this->objModel->getRelated('jumpTo')) instanceof PageModel)
  183.         {
  184.             /** @var PageModel $objTarget */
  185.             $strRedirect $objTarget->getAbsoluteUrl();
  186.         }
  188.         $this->Template->formId 'tl_login_' $this->id;
  189.         $this->Template->forceTargetPath = (int) $blnRedirectBack;
  190.         $this->Template->targetPath StringUtil::specialchars(base64_encode($strRedirect));
  192.         if ($authorizationChecker->isGranted('IS_AUTHENTICATED_2FA_IN_PROGRESS'))
  193.         {
  194.             // Dispatch 2FA form event to prepare 2FA providers
  195.             $token $container->get('security.token_storage')->getToken();
  196.             $event = new TwoFactorAuthenticationEvent($request$token);
  197.             $container->get('event_dispatcher')->dispatch($eventTwoFactorAuthenticationEvents::FORM);
  199.             $this->Template->twoFactorEnabled true;
  200.             $this->Template->authCode $GLOBALS['TL_LANG']['MSC']['twoFactorVerification'];
  201.             $this->Template->slabel StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['continue']);
  202.             $this->Template->cancel $GLOBALS['TL_LANG']['MSC']['cancelBT'];
  203.             $this->Template->twoFactorAuthentication $GLOBALS['TL_LANG']['MSC']['twoFactorAuthentication'];
  205.             return;
  206.         }
  208.         $this->Template->username $GLOBALS['TL_LANG']['MSC']['username'];
  209.         $this->Template->password $GLOBALS['TL_LANG']['MSC']['password'][0];
  210.         $this->Template->slabel StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['login']);
  211.         $this->Template->value Input::encodeInsertTags(StringUtil::specialchars($lastUsername));
  212.         $this->Template->autologin $this->autologin;
  213.         $this->Template->autoLabel $GLOBALS['TL_LANG']['MSC']['autologin'];
  214.     }
  215. }
  217. class_alias(ModuleLogin::class, 'ModuleLogin');