Bug #22410 » 14050_cleaning_t3lib_beuserauth.patch
t3lib/class.t3lib_beuserauth.php (revision ) | ||
<?php
|
||
/***************************************************************
|
||
* Copyright notice
|
||
*
|
||
* (c) 1999-2010 Kasper Sk?rh?j (kasperYYYY@typo3.com)
|
||
* All rights reserved
|
||
*
|
||
* This script is part of the TYPO3 project. The TYPO3 project is
|
||
* free software; you can redistribute it and/or modify
|
||
* it under the terms of the GNU General Public License as published by
|
||
* the Free Software Foundation; either version 2 of the License, or
|
||
* (at your option) any later version.
|
||
*
|
||
* The GNU General Public License can be found at
|
||
* http://www.gnu.org/copyleft/gpl.html.
|
||
* A copy is found in the textfile GPL.txt and important notices to the license
|
||
* from the author is found in LICENSE.txt distributed with these scripts.
|
||
*
|
||
*
|
||
* This script is distributed in the hope that it will be useful,
|
||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
* GNU General Public License for more details.
|
||
*
|
||
* This copyright notice MUST APPEAR in all copies of the script!
|
||
***************************************************************/
|
||
* Copyright notice
|
||
*
|
||
* (c) 1999-2010 Kasper Sk?rh?j (kasperYYYY@typo3.com)
|
||
* All rights reserved
|
||
*
|
||
* This script is part of the TYPO3 project. The TYPO3 project is
|
||
* free software; you can redistribute it and/or modify
|
||
* it under the terms of the GNU General Public License as published by
|
||
* the Free Software Foundation; either version 2 of the License, or
|
||
* (at your option) any later version.
|
||
*
|
||
* The GNU General Public License can be found at
|
||
* http://www.gnu.org/copyleft/gpl.html.
|
||
* A copy is found in the textfile GPL.txt and important notices to the license
|
||
* from the author is found in LICENSE.txt distributed with these scripts.
|
||
*
|
||
*
|
||
* This script is distributed in the hope that it will be useful,
|
||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
* GNU General Public License for more details.
|
||
*
|
||
* This copyright notice MUST APPEAR in all copies of the script!
|
||
***************************************************************/
|
||
/**
|
||
* Contains class for TYPO3 backend user authentication
|
||
*
|
||
... | ... | |
*
|
||
*
|
||
* 76: class t3lib_beUserAuth extends t3lib_userAuthGroup
|
||
* 150: function trackBeUser($flag)
|
||
* 150: function trackBeUser($flag)
|
||
* 168: function checkLockToIP()
|
||
* 168: function checkLockToIP()
|
||
* 188: function backendCheckLogin()
|
||
* 188: function backendCheckLogin()
|
||
* 216: function checkCLIuser()
|
||
* 216: function checkCLIuser()
|
||
* 240: function backendSetUC()
|
||
* 240: function backendSetUC()
|
||
* 278: function overrideUC()
|
||
* 278: function overrideUC()
|
||
* 288: function resetUC()
|
||
* 288: function resetUC()
|
||
* 301: function emailAtLogin()
|
||
* 301: function emailAtLogin()
|
||
* 353: function veriCode()
|
||
* 353: function veriCode()
|
||
*
|
||
* TOTAL FUNCTIONS: 9
|
||
* (This index is automatically created/updated by the extension "extdeveval")
|
||
... | ... | |
*/
|
||
/**
|
||
* TYPO3 user authentication, backend
|
||
* Could technically have been the same class as t3lib_userauthgroup since these two are always used together and only together.
|
||
... | ... | |
* @subpackage t3lib
|
||
*/
|
||
class t3lib_beUserAuth extends t3lib_userAuthGroup {
|
||
var $session_table = 'be_sessions'; // Table to use for session data.
|
||
var $session_table = 'be_sessions'; // Table to use for session data.
|
||
var $name = 'be_typo_user'; // Session/Cookie name
|
||
var $name = 'be_typo_user'; // Session/Cookie name
|
||
var $user_table = 'be_users'; // Table in database with userdata
|
||
var $user_table = 'be_users'; // Table in database with userdata
|
||
var $username_column = 'username'; // Column for login-name
|
||
var $username_column = 'username'; // Column for login-name
|
||
var $userident_column = 'password'; // Column for password
|
||
var $userident_column = 'password'; // Column for password
|
||
var $userid_column = 'uid'; // Column for user-id
|
||
var $userid_column = 'uid'; // Column for user-id
|
||
var $lastLogin_column = 'lastlogin';
|
||
var $notifyHeader = 'From: TYPO3 Login notify <no_reply@no_reply.no_reply>';
|
||
var $enablecolumns = Array (
|
||
var $enablecolumns = Array(
|
||
'rootLevel' => 1,
|
||
'deleted' => 'deleted',
|
||
'disabled' => 'disable',
|
||
... | ... | |
'endtime' => 'endtime'
|
||
);
|
||
var $formfield_uname = 'username'; // formfield with login-name
|
||
var $formfield_uname = 'username'; // formfield with login-name
|
||
var $formfield_uident = 'userident'; // formfield with password
|
||
var $formfield_uident = 'userident'; // formfield with password
|
||
var $formfield_chalvalue = 'challenge'; // formfield with a unique value which is used to encrypt the password and username
|
||
var $formfield_chalvalue = 'challenge'; // formfield with a unique value which is used to encrypt the password and username
|
||
var $formfield_status = 'login_status'; // formfield with status: *'login', 'logout'
|
||
var $formfield_status = 'login_status'; // formfield with status: *'login', 'logout'
|
||
var $writeStdLog = 1; // Decides if the writelog() function is called at login and logout
|
||
var $writeStdLog = 1; // Decides if the writelog() function is called at login and logout
|
||
var $writeAttemptLog = 1; // If the writelog() functions is called if a login-attempt has be tried without success
|
||
var $writeAttemptLog = 1; // If the writelog() functions is called if a login-attempt has be tried without success
|
||
var $auth_include = ''; // this is the name of the include-file containing the login form. If not set, login CAN be anonymous. If set login IS needed.
|
||
var $auth_include = ''; // this is the name of the include-file containing the login form. If not set, login CAN be anonymous. If set login IS needed.
|
||
var $auth_timeout_field = 6000; // if > 0 : session-timeout in seconds. if false/<0 : no timeout. if string: The string is fieldname from the usertable where the timeout can be found.
|
||
var $auth_timeout_field = 6000; // if > 0 : session-timeout in seconds. if false/<0 : no timeout. if string: The string is fieldname from the usertable where the timeout can be found.
|
||
var $lifetime = 0; // 0 = Session-cookies. If session-cookies, the browser will stop session when the browser is closed. Else it keeps the session for $lifetime seconds.
|
||
var $lifetime = 0; // 0 = Session-cookies. If session-cookies, the browser will stop session when the browser is closed. Else it keeps the session for $lifetime seconds.
|
||
var $challengeStoredInCookie = TRUE;
|
||
... | ... | |
// User Config Default values:
|
||
// The array may contain other fields for configuration. For this, see "setup" extension and "TSConfig" document (User TSconfig, "setup.[xxx]....")
|
||
/*
|
||
Reserved keys for other storage of session data:
|
||
moduleData
|
||
moduleSessionID
|
||
*/
|
||
/*
|
||
Reserved keys for other storage of session data:
|
||
moduleData
|
||
moduleSessionID
|
||
*/
|
||
var $uc_default = Array (
|
||
var $uc_default = Array(
|
||
'interfaceSetup' => '', // serialized content that is used to store interface pane and menu positions. Set by the logout.php-script
|
||
'interfaceSetup' => '', // serialized content that is used to store interface pane and menu positions. Set by the logout.php-script
|
||
'moduleData' => Array(), // user-data for the modules
|
||
'moduleData' => Array(), // user-data for the modules
|
||
'thumbnailsByDefault' => 0,
|
||
'emailMeAtLogin' => 0,
|
||
'condensedMode' => 0,
|
||
... | ... | |
'edit_docModuleUpload' => '1',
|
||
'enableFlashUploader' => '1',
|
||
'disableCMlayers' => 0,
|
||
'navFrameWidth' => '', // Default is 245 pixels
|
||
'navFrameWidth' => '', // Default is 245 pixels
|
||
'navFrameResizable' => 0,
|
||
'resizeTextareas' => 1,
|
||
'resizeTextareas_MaxHeight' => 300,
|
||
... | ... | |
* @return void
|
||
* @deprecated since TYPO3 3.6, this function will be removed in TYPO3 4.6.
|
||
*/
|
||
function trackBeUser($flag) {
|
||
function trackBeUser($flag) {
|
||
t3lib_div::logDeprecatedFunction();
|
||
if ($flag && t3lib_extMgm::isLoaded('beuser_tracking')) {
|
||
if ($flag && t3lib_extMgm::isLoaded('beuser_tracking')) {
|
||
$insertFields = array(
|
||
'userid' => intval($this->user['uid']),
|
||
'tstamp' => $GLOBALS['EXEC_TIME'],
|
||
... | ... | |
* @return boolean True, if IP address validates OK (or no check is done at all)
|
||
* @access private
|
||
*/
|
||
function checkLockToIP() {
|
||
function checkLockToIP() {
|
||
global $TYPO3_CONF_VARS;
|
||
$out = 1;
|
||
if ($TYPO3_CONF_VARS['BE']['enabledBeUserIPLock']) {
|
||
if ($TYPO3_CONF_VARS['BE']['enabledBeUserIPLock']) {
|
||
$IPList = $this->getTSConfigVal('options.lockToIP');
|
||
if (trim($IPList)) {
|
||
if (trim($IPList)) {
|
||
$baseIP = t3lib_div::getIndpEnv('REMOTE_ADDR');
|
||
$out = t3lib_div::cmpIP($baseIP, $IPList);
|
||
}
|
||
... | ... | |
*
|
||
* @return void
|
||
*/
|
||
function backendCheckLogin() {
|
||
function backendCheckLogin() {
|
||
if (!$this->user['uid']) {
|
||
if (!$this->user['uid']) {
|
||
if (!defined('TYPO3_PROCEED_IF_NO_USER') || !TYPO3_PROCEED_IF_NO_USER) {
|
||
if (!defined('TYPO3_PROCEED_IF_NO_USER') || !TYPO3_PROCEED_IF_NO_USER) {
|
||
t3lib_utility_Http::redirect($GLOBALS['BACK_PATH']);
|
||
}
|
||
} else { // ...and if that's the case, call these functions
|
||
} else { // ...and if that's the case, call these functions
|
||
$this->fetchGroupData(); // The groups are fetched and ready for permission checking in this initialization. Tables.php must be read before this because stuff like the modules has impact in this
|
||
$this->fetchGroupData(); // The groups are fetched and ready for permission checking in this initialization. Tables.php must be read before this because stuff like the modules has impact in this
|
||
if ($this->checkLockToIP()) {
|
||
if ($this->checkLockToIP()) {
|
||
if ($this->isUserAllowedToLogin()) {
|
||
$this->backendSetUC(); // Setting the UC array. It's needed with fetchGroupData first, due to default/overriding of values.
|
||
$this->backendSetUC(); // Setting the UC array. It's needed with fetchGroupData first, due to default/overriding of values.
|
||
$this->emailAtLogin(); // email at login - if option set.
|
||
$this->emailAtLogin(); // email at login - if option set.
|
||
} else {
|
||
throw new RuntimeException('Login Error: TYPO3 is in maintenance mode at the moment. Only administrators are allowed access.');
|
||
}
|
||
... | ... | |
*
|
||
* @return boolean Returns true if a CLI user was loaded, otherwise false!
|
||
*/
|
||
function checkCLIuser() {
|
||
function checkCLIuser() {
|
||
// First, check if cliMode is enabled:
|
||
if (TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_CLI) {
|
||
if (!$this->user['uid']) {
|
||
if (!$this->user['uid']) {
|
||
if (substr($GLOBALS['MCONF']['name'],0,5)=='_CLI_') {
|
||
if (substr($GLOBALS['MCONF']['name'], 0, 5) == '_CLI_') {
|
||
$userName = strtolower($GLOBALS['MCONF']['name']);
|
||
$this->setBeUserByName($userName);
|
||
if ($this->user['uid']) {
|
||
if ($this->user['uid']) {
|
||
if (!$this->isAdmin()) {
|
||
if (!$this->isAdmin()) {
|
||
return TRUE;
|
||
} else die('ERROR: CLI backend user "'.$userName.'" was ADMIN which is not allowed!'.LF.LF);
|
||
} else die('ERROR: No backend user named "'.$userName.'" was found! [Database: '.TYPO3_db.']'.LF.LF);
|
||
} else die('ERROR: Module name, "'.$GLOBALS['MCONF']['name'].'", was not prefixed with "_CLI_"'.LF.LF);
|
||
} else die('ERROR: Another user was already loaded which is impossible in CLI mode!'.LF.LF);
|
||
} else {
|
||
die('ERROR: CLI backend user "' . $userName . '" was ADMIN which is not allowed!' . LF . LF);
|
||
}
|
||
}
|
||
} else {
|
||
die('ERROR: No backend user named "' . $userName . '" was found! [Database: ' . TYPO3_db . ']' . LF . LF);
|
||
}
|
||
}
|
||
} else {
|
||
die('ERROR: Module name, "' . $GLOBALS['MCONF']['name'] . '", was not prefixed with "_CLI_"' . LF . LF);
|
||
}
|
||
} else {
|
||
die('ERROR: Another user was already loaded which is impossible in CLI mode!' . LF . LF);
|
||
}
|
||
}
|
||
}
|
||
/**
|
||
* Initialize the internal ->uc array for the backend user
|
||
... | ... | |
* @return void
|
||
* @internal
|
||
*/
|
||
function backendSetUC() {
|
||
function backendSetUC() {
|
||
global $TYPO3_CONF_VARS;
|
||
// UC - user configuration is a serialized array inside the userobject
|
||
$temp_theSavedUC=unserialize($this->user['uc']); // if there is a saved uc we implement that instead of the default one.
|
||
$temp_theSavedUC = unserialize($this->user['uc']); // if there is a saved uc we implement that instead of the default one.
|
||
if (is_array($temp_theSavedUC)) {
|
||
if (is_array($temp_theSavedUC)) {
|
||
$this->unpack_uc($temp_theSavedUC);
|
||
}
|
||
// Setting defaults if uc is empty
|
||
if (!is_array($this->uc)) {
|
||
if (!is_array($this->uc)) {
|
||
$this->uc = array_merge(
|
||
$this->uc_default,
|
||
(array) $TYPO3_CONF_VARS['BE']['defaultUC'],
|
||
t3lib_div::removeDotsFromTS((array) $this->getTSConfigProp('setup.default'))
|
||
);
|
||
$this->overrideUC();
|
||
$U=1;
|
||
$U = 1;
|
||
}
|
||
// If TSconfig is updated, update the defaultUC.
|
||
if ($this->userTSUpdated) {
|
||
if ($this->userTSUpdated) {
|
||
$this->overrideUC();
|
||
$U=1;
|
||
$U = 1;
|
||
}
|
||
// Setting default lang from be_user record.
|
||
if (!isset($this->uc['lang'])) {
|
||
if (!isset($this->uc['lang'])) {
|
||
$this->uc['lang']=$this->user['lang'];
|
||
$this->uc['lang'] = $this->user['lang'];
|
||
$U=1;
|
||
$U = 1;
|
||
}
|
||
// Setting the time of the first login:
|
||
if (!isset($this->uc['firstLoginTimeStamp'])) {
|
||
... | ... | |
}
|
||
// Saving if updated.
|
||
if ($U) {
|
||
if ($U) {
|
||
$this->writeUC(); // Method from the t3lib_userauth class.
|
||
$this->writeUC(); // Method from the t3lib_userauth class.
|
||
}
|
||
}
|
||
... | ... | |
* @return void
|
||
* @internal
|
||
*/
|
||
function overrideUC() {
|
||
function overrideUC() {
|
||
$this->uc = array_merge((array)$this->uc, (array)$this->getTSConfigProp('setup.override')); // Candidate for t3lib_div::array_merge() if integer-keys will some day make trouble...
|
||
$this->uc = array_merge((array) $this->uc, (array) $this->getTSConfigProp('setup.override')); // Candidate for t3lib_div::array_merge() if integer-keys will some day make trouble...
|
||
}
|
||
/**
|
||
... | ... | |
* @return void
|
||
* @internal
|
||
*/
|
||
function resetUC() {
|
||
function resetUC() {
|
||
$this->user['uc']='';
|
||
$this->user['uc'] = '';
|
||
$this->uc='';
|
||
$this->uc = '';
|
||
$this->backendSetUC();
|
||
}
|
||
... | ... | |
* @return void
|
||
* @access private
|
||
*/
|
||
function emailAtLogin() {
|
||
function emailAtLogin() {
|
||
if ($this->loginSessionStarted) {
|
||
if ($this->loginSessionStarted) {
|
||
// Send notify-mail
|
||
$subject = 'At "'.$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'].'"'.
|
||
$subject = 'At "' . $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'] . '"' .
|
||
' from '.t3lib_div::getIndpEnv('REMOTE_ADDR').
|
||
' from ' . t3lib_div::getIndpEnv('REMOTE_ADDR') .
|
||
(t3lib_div::getIndpEnv('REMOTE_HOST') ? ' ('.t3lib_div::getIndpEnv('REMOTE_HOST').')' : '');
|
||
(t3lib_div::getIndpEnv('REMOTE_HOST') ? ' (' . t3lib_div::getIndpEnv('REMOTE_HOST') . ')' : '');
|
||
$msg = sprintf ('User "%s" logged in from %s (%s) at "%s" (%s)',
|
||
$msg = sprintf('User "%s" logged in from %s (%s) at "%s" (%s)',
|
||
$this->user['username'],
|
||
t3lib_div::getIndpEnv('REMOTE_ADDR'),
|
||
t3lib_div::getIndpEnv('REMOTE_HOST'),
|
||
... | ... | |
);
|
||
// Warning email address
|
||
if ($GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr']) {
|
||
if ($GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr']) {
|
||
$warn=0;
|
||
$warn = 0;
|
||
$prefix='';
|
||
$prefix = '';
|
||
if (intval($GLOBALS['TYPO3_CONF_VARS']['BE']['warning_mode']) & 1) { // first bit: All logins
|
||
if (intval($GLOBALS['TYPO3_CONF_VARS']['BE']['warning_mode']) & 1) { // first bit: All logins
|
||
$warn=1;
|
||
$warn = 1;
|
||
$prefix= $this->isAdmin() ? '[AdminLoginWarning]' : '[LoginWarning]';
|
||
$prefix = $this->isAdmin() ? '[AdminLoginWarning]' : '[LoginWarning]';
|
||
}
|
||
if ($this->isAdmin() && (intval($GLOBALS['TYPO3_CONF_VARS']['BE']['warning_mode']) & 2)) { // second bit: Only admin-logins
|
||
if ($this->isAdmin() && (intval($GLOBALS['TYPO3_CONF_VARS']['BE']['warning_mode']) & 2)) { // second bit: Only admin-logins
|
||
$warn=1;
|
||
$warn = 1;
|
||
$prefix='[AdminLoginWarning]';
|
||
$prefix = '[AdminLoginWarning]';
|
||
}
|
||
if ($warn) {
|
||
if ($warn) {
|
||
t3lib_utility_Mail::mail($GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr'],
|
||
$prefix.' '.$subject,
|
||
$prefix . ' ' . $subject,
|
||
$msg,
|
||
$this->notifyHeader
|
||
);
|
||
... | ... | |
}
|
||
// If An email should be sent to the current user, do that:
|
||
if ($this->uc['emailMeAtLogin'] && strstr($this->user['email'],'@')) {
|
||
if ($this->uc['emailMeAtLogin'] && strstr($this->user['email'], '@')) {
|
||
t3lib_utility_Mail::mail($this->user['email'],
|
||
$subject,
|
||
$msg,
|
||
... | ... | |
}
|
||
if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_beuserauth.php']) {
|
||
if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_beuserauth.php']) {
|
||
include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_beuserauth.php']);
|
||
}
|
||
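Review bot: In backendSetUC() the flag `$U` is never initialised before the `if ($U)` check near the end of the method; it is only assigned inside the conditional branches, so a login whose stored uc is already complete reaches the check with an undefined variable and raises an E_NOTICE. Since this patch is a coding-guidelines cleanup, adding `$U = 0;` directly after the `global $TYPO3_CONF_VARS;` line would make the flag explicit; the `firstLoginTimeStamp` branch is elided in this view, so I assume it sets the flag the same way. A smaller contract point in checkCLIuser(): its docblock promises false when no CLI user was loaded, but the rewritten branches either `return TRUE;` or `die()`, and a non-CLI request falls off the end returning null; a final `return FALSE;` before the method's closing brace would match the documented boolean return.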