<?php
/***************************************************************
*  Copyright notice
*
*  (c) 1999-2006 Kasper Skaarhoj (kasperYYYY@typo3.com)
*  All rights reserved
*
*  This script is part of the TYPO3 project. The TYPO3 project is
*  free software; you can redistribute it and/or modify
*  it under the terms of the GNU General Public License as published by
*  the Free Software Foundation; either version 2 of the License, or
*  (at your option) any later version.
*
*  The GNU General Public License can be found at
*  http://www.gnu.org/copyleft/gpl.html.
*  A copy is found in the textfile GPL.txt and important notices to the license
*  from the author is found in LICENSE.txt distributed with these scripts.
*
*
*  This script is distributed in the hope that it will be useful,
*  but WITHOUT ANY WARRANTY; without even the implied warranty of
*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*  GNU General Public License for more details.
*
*  This copyright notice MUST APPEAR in all copies of the script!
***************************************************************/
/**
 * Contains class for TYPO3 backend user authentication
 *
 * $Id: class.t3lib_beuserauth.php 1421 2006-04-10 09:27:15Z mundaun $
 * Revised for TYPO3 3.6 July/2003 by Kasper Skaarhoj
 *
 * @author	Kasper Skaarhoj <kasperYYYY@typo3.com>
 * @internal
 */
/**
 * [CLASS/FUNCTION INDEX of SCRIPT]
 *
 *
 *
 *   76: class t3lib_beUserAuth extends t3lib_userAuthGroup
 *  150:     function trackBeUser($flag)
 *  168:     function checkLockToIP()
 *  188:     function backendCheckLogin()
 *  216:     function checkCLIuser()
 *  240:     function backendSetUC()
 *  278:     function overrideUC()
 *  288:     function resetUC()
 *  301:     function emailAtLogin()
 *  353:     function veriCode()
 *
 * TOTAL FUNCTIONS: 9
 * (This index is automatically created/updated by the extension "extdeveval")
 *
 */










/**
 * TYPO3 user authentication, backend
 * Could technically have been the same class as t3lib_userauthgroup since these two are always used together and only together.
 * t3lib_userauthgroup contains most of the functions used for checking permissions, authenticating users, setting up the user etc. This class is the more interesting one in terms of an API for use from outside.
 * This class contains the configuration of the database fields used plus some functions for the authentication process of backend users.
 *
 * @author	Kasper Skaarhoj <kasperYYYY@typo3.com>
 * @package TYPO3
 * @subpackage t3lib
 */
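class t3lib_beUserAuth extends t3lib_userAuthGroup {
	var $session_table = 'be_sessions'; 		// Table to use for session data.
	var $name = 'be_typo_user';                 // Session/Cookie name

	var $user_table = 'be_users'; 					// Table in database with userdata
	var $username_column = 'username'; 			// Column for login-name
	var $userident_column = 'password'; 		// Column for password
	var $userid_column = 'uid'; 					// Column for user-id
	var $lastLogin_column = 'lastlogin';
	var $notifyHeader = 'From: TYPO3 Login notify <no_reply@no_reply.no_reply>';	// Fixed "From:" header for the login notification mails; a constant, never built from request data.

	var $enablecolumns = Array (
		'rootLevel' => 1,
		'deleted' => 'deleted',
		'disabled' => 'disable',
		'starttime' => 'starttime',
		'endtime' => 'endtime'
	);

	var $formfield_uname = 'username'; 			// formfield with login-name
	var $formfield_uident = 'userident'; 		// formfield with password
	var $formfield_chalvalue = 'challenge';		// formfield with a unique value which is used to encrypt the password and username
	var $formfield_status = 'login_status'; 	// formfield with status: *'login', 'logout'
	var $security_level = 'superchallenged';	// sets the level of security. *'normal' = clear-text. 'challenged' = hashed password/username from form in $formfield_uident. 'superchallenged' = hashed password hashed again with username.

	var $writeStdLog = 1;					// Decides if the writelog() function is called at login and logout
	var $writeAttemptLog = 1;				// Decides if the writelog() function is called when a login attempt has failed

	var $auth_include = '';						// this is the name of the include-file containing the login form. If not set, login CAN be anonymous. If set login IS needed.

	var $auth_timeout_field = 6000;				// if > 0 : session-timeout in seconds. if false/<0 : no timeout. if string: The string is fieldname from the usertable where the timeout can be found.
	var $lifetime = 0;                  		// 0 = Session-cookies. If session-cookies, the browser will stop session when the browser is closed. Else it keeps the session for $lifetime seconds.
	var $challengeStoredInCookie = TRUE;


		// User Config:
	var $uc;

		// User Config Default values:
		// The array may contain other fields for configuration. For this, see "setup" extension and "TSConfig" document (User TSconfig, "setup.[xxx]....")
		/*
			Reserved keys for other storage of session data:
			moduleData
			moduleSessionID
		*/
	var $uc_default = Array (
		'interfaceSetup' => '',	// serialized content that is used to store interface pane and menu positions. Set by the logout.php-script
		'moduleData' => Array(),	// user-data for the modules
		'thumbnailsByDefault' => 0,
		'emailMeAtLogin' => 0,
		'condensedMode' => 0,
		'noMenuMode' => 0,
		'startInTaskCenter' => 0,
		'hideSubmoduleIcons' => 0,
		'helpText' => 1,
		'titleLen' => 30,
		'edit_wideDocument' => '0',
		'edit_showFieldHelp' => 'icon',
		'edit_RTE' => '1',
		'edit_docModuleUpload' => '1',
		'disableCMlayers' => 0,
		'navFrameWidth' => '',	// Default is 245 pixels
		'navFrameResizable' => 0,
	);


	/**
	 * If flag is set and the extension 'beuser_tracking' is loaded, this will insert a table row with the REQUEST_URI of the current script - thus tracking the scripts the backend users use...
	 * This function works ONLY with the "beuser_tracking" extension and is deprecated since it does nothing useful.
	 *
	 * @param	boolean		Activate insertion of the URL.
	 * @return	void
	 * @access private
	 */
	function trackBeUser($flag)	{
		if ($flag && t3lib_extMgm::isLoaded('beuser_tracking'))	{
				// REQUEST_URI is request-controlled and stored as-is; escaping is left to exec_INSERTquery() (not visible here - confirm it quotes values).
			$insertFields = array(
				'userid' => intval($this->user['uid']),
				'tstamp' => time(),
				'script' => t3lib_div::getIndpEnv('REQUEST_URI')
			);

			$GLOBALS['TYPO3_DB']->exec_INSERTquery('sys_trackbeuser', $insertFields);
		}
	}

	/**
	 * If TYPO3_CONF_VARS['BE']['enabledBeUserIPLock'] is enabled and an IP-list is found in the User TSconfig objString "options.lockToIP", then make an IP comparison with REMOTE_ADDR and return the outcome (true/false)
	 * The check is opt-in: when the feature is disabled or the list is empty it returns 1 (allow) without comparing anything.
	 *
	 * @return	boolean		True, if IP address validates OK (or no check is done at all)
	 * @access private
	 */
	function checkLockToIP()	{
		global $TYPO3_CONF_VARS;
		$out = 1;	// Default: allow. Only an explicit, non-empty lockToIP list can turn this into a denial.
		if ($TYPO3_CONF_VARS['BE']['enabledBeUserIPLock'])	{
			$IPList = $this->getTSConfigVal('options.lockToIP');
			if (trim($IPList))	{
					// REMOTE_ADDR as seen by getIndpEnv(); whether proxy headers are honoured there is not visible in this file.
				$baseIP = t3lib_div::getIndpEnv('REMOTE_ADDR');
				$out = t3lib_div::cmpIP($baseIP, $IPList);
			}
		}
		return $out;
	}

	/**
	 * Check if user is logged in and if so, call ->fetchGroupData() to load group information and access lists of all kind, further check IP, set the ->uc array and send login-notification email if required.
	 * If no user is logged in the default behaviour is to exit with an error message; proceeding without a user happens ONLY if the constant TYPO3_PROCEED_IF_NO_USER is set true.
	 * This function is called right after ->start() in fx. init.php
	 * Every denial path (no user, IP lock, maintenance mode) prints an error and calls exit, so no code after this call runs without an authorized user.
	 *
	 * @return	void
	 */
	function backendCheckLogin()	{
		if (!$this->user['uid'])	{
			if (!defined('TYPO3_PROCEED_IF_NO_USER') || !TYPO3_PROCEED_IF_NO_USER)	{
				t3lib_BEfunc::typo3PrintError ('Login-error or session timed-out', 'No user logged in! Sorry, I can\'t proceed then!<br /><br />(You must have cookies enabled!)<br /><br />If your session has just timed-out, you may<br /><a href="'.t3lib_div::locationHeaderUrl(t3lib_div::getIndpEnv('TYPO3_SITE_URL').TYPO3_mainDir.'index.php'.'" target="_top">click here to re-login</a>.',0));
				exit;
			}
		} else {	// ...and if that's the case, call these functions
			$this->fetchGroupData();	//	The groups are fetched and ready for permission checking in this initialization.	Tables.php must be read before this because stuff like the modules has impact in this
			if ($this->checkLockToIP())	{
					// adminOnly = maintenance mode: only admins may pass.
				if (!$GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'] || $this->isAdmin())	{
					$this->backendSetUC();		// Setting the UC array. It's needed with fetchGroupData first, due to default/overriding of values.
					$this->emailAtLogin();		// email at login - if option set.
				} else {
					t3lib_BEfunc::typo3PrintError ('Login-error','TYPO3 is in maintenance mode at the moment. Only administrators are allowed access.',0);
					exit;
				}
			} else {
				t3lib_BEfunc::typo3PrintError ('Login-error','IP locking prevented you from being authorized. Can\'t proceed, sorry.',0);
				exit;
			}
		}
	}

	/**
	 * If the backend script is in CLI mode, it will try to load a backend user named by the CLI module name (in lowercase)
	 * Admin accounts are refused for CLI use (the script dies), so CLI jobs run with a deliberately restricted user.
	 * All failure cases inside CLI mode terminate the script with die(); the error text includes the module name and, for a missing user, the database name (TYPO3_db) - console output only.
	 *
	 * @return	boolean		Returns true if a CLI user was loaded. When not in CLI mode the function falls through without a return value (NULL, i.e. falsy).
	 */
	function checkCLIuser()	{
			// First, check if cliMode is enabled:
		if (defined('TYPO3_cliMode') && TYPO3_cliMode)	{
			if (!$this->user['uid'])	{
				if (substr($GLOBALS['MCONF']['name'],0,5)==='_CLI_')	{
					$userName = strtolower($GLOBALS['MCONF']['name']);
					$this->setBeUserByName($userName);
					if ($this->user['uid'])	{
						if (!$this->isAdmin())	{
							return TRUE;
						} else die('ERROR: CLI backend user "'.$userName.'" was ADMIN which is not allowed!'.chr(10).chr(10));
					} else die('ERROR: No backend user named "'.$userName.'" was found! [Database: '.TYPO3_db.']'.chr(10).chr(10));
				} else die('ERROR: Module name, "'.$GLOBALS['MCONF']['name'].'", was not prefixed with "_CLI_"'.chr(10).chr(10));
			} else die('ERROR: Another user was already loaded which is impossible in CLI mode!'.chr(10).chr(10));
		}
	}

	/**
	 * Initialize the internal ->uc array for the backend user
	 * Will make the overrides if necessary, and write the UC back to the be_users record if changes have happened
	 * Precedence when no saved uc exists: $uc_default < TYPO3_CONF_VARS['BE']['defaultUC'] < User TSconfig setup.default, then setup.override on top.
	 *
	 * @return	void
	 * @internal
	 */
	function backendSetUC()	{
		global $TYPO3_CONF_VARS;
		$U = 0;		// Dirty flag: set to 1 whenever ->uc is changed below so it is written back once at the end. (Was previously read without initialization.)

			// UC - user configuration is a serialized array inside the userobject
			// NOTE(review): unserialize() of the be_users.uc column. The value comes from the database, not the request, but anyone who can
			// write that column can supply an arbitrary serialized object. Whether ->unpack_uc() restricts what is accepted is not visible here - confirm.
		$temp_theSavedUC=unserialize($this->user['uc']);		// if there is a saved uc we implement that instead of the default one.
		if (is_array($temp_theSavedUC))	{
			$this->unpack_uc($temp_theSavedUC);
		}
			// Setting defaults if uc is empty
		if (!is_array($this->uc))	{
			$this->uc = array_merge($this->uc_default, (array)$TYPO3_CONF_VARS['BE']['defaultUC'], (array)$this->getTSConfigProp('setup.default'));	// Candidate for t3lib_div::array_merge() if integer-keys will some day make trouble...
			$this->overrideUC();
			$U=1;
		}
			// If TSconfig is updated, update the defaultUC.
		if ($this->userTSUpdated)	{
			$this->overrideUC();
			$U=1;
		}
			// Setting default lang from be_user record.
		if (!isset($this->uc['lang']))	{
			$this->uc['lang']=$this->user['lang'];
			$U=1;
		}

			// Saving if updated.
		if ($U)	{
			$this->writeUC();	// Method from the t3lib_userauth class.
		}
	}

	/**
	 * Override: Call this function every time the uc is updated.
	 * That is 1) by reverting to default values, 2) in the setup-module, 3) userTS changes (userauthgroup)
	 * Values from User TSconfig "setup.override" win over whatever is currently in ->uc.
	 *
	 * @return	void
	 * @internal
	 */
	function overrideUC()	{
		$this->uc = array_merge((array)$this->uc, (array)$this->getTSConfigProp('setup.override'));	// Candidate for t3lib_div::array_merge() if integer-keys will some day make trouble...
	}

	/**
	 * Clears the user[uc] and ->uc to blank strings. Then calls ->backendSetUC() to fill it again with reset contents
	 * Because ->uc is no longer an array afterwards, backendSetUC() rebuilds it from the defaults and writes it back.
	 *
	 * @return	void
	 * @internal
	 */
	function resetUC()	{
		$this->user['uc']='';
		$this->uc='';
		$this->backendSetUC();
	}

	/**
	 * Will send an email notification to warning_email_address/the login users email address when a login session is just started.
	 * Depends on various parameters whether mails are sent and to whom:
	 *  - TYPO3_CONF_VARS['BE']['warning_email_addr'] set and warning_mode bit 1 (all logins) or bit 2 (admin logins only) -> mail to that address
	 *  - user setting uc['emailMeAtLogin'] and a user email containing "@" -> mail to the user
	 *
	 * @return	void
	 * @access private
	 */
	function emailAtLogin()	{
		if ($this->loginSessionStarted)	{
				// Send notify-mail
				// NOTE(review): REMOTE_ADDR / REMOTE_HOST / HTTP_HOST come from the request environment and are placed into the Subject
				// and body as-is. This assumes getIndpEnv() yields single-line values - confirm, since a CR/LF in them would end up in a mail header.
			$subject = 'At "'.$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'].'"'.
						' from '.t3lib_div::getIndpEnv('REMOTE_ADDR').
						(t3lib_div::getIndpEnv('REMOTE_HOST') ? ' ('.t3lib_div::getIndpEnv('REMOTE_HOST').')' : '');
			$msg = sprintf ('User "%s" logged in from %s (%s) at "%s" (%s)',
				$this->user['username'],
				t3lib_div::getIndpEnv('REMOTE_ADDR'),
				t3lib_div::getIndpEnv('REMOTE_HOST'),
				$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'],
				t3lib_div::getIndpEnv('HTTP_HOST')
			);

				// Warning email address
			if ($GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr'])	{
				$warn=0;
				$prefix='';
				if (intval($GLOBALS['TYPO3_CONF_VARS']['BE']['warning_mode']) & 1)	{	// first bit: All logins
					$warn=1;
					$prefix= $this->isAdmin() ? '[AdminLoginWarning]' : '[LoginWarning]';
				}
				if ($this->isAdmin() && (intval($GLOBALS['TYPO3_CONF_VARS']['BE']['warning_mode']) & 2))	{	// second bit: Only admin-logins
					$warn=1;
					$prefix='[AdminLoginWarning]';
				}
				if ($warn)	{
					mail($GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr'],
						$prefix.' '.$subject,
						$msg,
						$this->notifyHeader
					);
				}
			}

				// If An email should be sent to the current user, do that:
				// Recipient is the stored be_users.email; the "@" test is the only validation applied here.
			if ($this->uc['emailMeAtLogin'] && strstr($this->user['email'],'@'))	{
				mail($this->user['email'],
					$subject,
					$msg,
					$this->notifyHeader
				);
			}
		}
	}

	/**
	 * VeriCode returns 10 first chars of a md5 hash of the session cookie AND the encryptionKey from TYPO3_CONF_VARS.
	 * This code is used as an alternative verification when the JavaScript interface executes cmd's to tce_db.php from eg. MSIE 5.0 because the proper referer is not passed with this browser...
	 * Its strength rests entirely on encryptionKey being secret and unpredictable; the truncation to 10 hex chars (40 bits) makes it a weak token by
	 * today's standards. The verifying side (tce_db.php per the description above) must compute the same value, so change the two together.
	 *
	 * @return	string
	 */
	function veriCode()	{
		return substr(md5($this->id.$GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']),0,10);
	}
}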




	// XCLASS hook: if the configuration registers an override for this file, load it.
	// The include path is read from $TYPO3_CONF_VARS (administrator-controlled configuration), not from request data;
	// keep it that way - a dynamic include_once must never be fed from user input.
if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_beuserauth.php'])	{
	include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_beuserauth.php']);
}
?>