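<?php
/***************************************************************
*  Copyright notice
*
*  (c) 1999-2004 Kasper Skaarhoj (kasperYYYY@typo3.com)
*  All rights reserved
*
*  This script is part of the TYPO3 project. The TYPO3 project is
*  free software; you can redistribute it and/or modify
*  it under the terms of the GNU General Public License as published by
*  the Free Software Foundation; either version 2 of the License, or
*  (at your option) any later version.
*
*  The GNU General Public License can be found at
*  http://www.gnu.org/copyleft/gpl.html.
*  A copy is found in the textfile GPL.txt and important notices to the license
*  from the author is found in LICENSE.txt distributed with these scripts.
*
*
*  This script is distributed in the hope that it will be useful,
*  but WITHOUT ANY WARRANTY; without even the implied warranty of
*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*  GNU General Public License for more details.
*
*  This copyright notice MUST APPEAR in all copies of the script!
***************************************************************/

	// Need this for parsing User TSconfig
require_once (PATH_t3lib.'class.t3lib_tsparser.php');


/**
 * Extension of t3lib_userAuth with group handling and permission checks.
 *
 * The class collects the access lists, mounts and TSconfig of a user and of the
 * groups the user belongs to (fetchGroupData() / fetchGroups()) and offers the
 * permission checks that are evaluated against that data. It also writes to and
 * reads from the sys_log table (writelog() / checkLogFailures()).
 *
 * Several checks signal "no access" by falling off the end of the function (NULL)
 * rather than by returning FALSE; callers are expected to test for truthiness.
 */
class t3lib_userAuthGroup extends t3lib_userAuth {
	var $usergroup_column = 'usergroup';		// Should be set to the usergroup-column (id-list) in the user-record
	var $usergroup_table = 'be_groups';			// The name of the group-table

		// internal
	var $groupData = Array(				// This array holds lists of eg. tables, fields and other values related to the permission-system. See fetchGroupData
		'filemounts' => Array()			// Filemounts are loaded here
	);

	var $userGroups = Array();			// This array will hold the groups that the user is a member of
	var $userGroupsUID = Array();		// This array holds the uid's of the groups in the listed order
	var $groupList ='';					// This is $this->userGroupsUID imploded to a comma list... Will correspond to the 'usergroup_cached_list'
	var $dataLists=array(				// Used internally to accumulate data for the user-group. DONT USE THIS EXTERNALLY! Use $this->groupData instead
		'webmount_list'=>'',
		'filemount_list'=>'',
		'modList'=>'',
		'tables_select'=>'',
		'tables_modify'=>'',
		'pagetypes_select'=>'',
		'non_exclude_fields'=>'',
		'explicit_allowdeny'=>'',
		'allowed_languages' => '',
		'custom_options' => '',
	);
	var $includeHierarchy=array();		// For debugging/display of order in which subgroups are included.
	var $includeGroupArray=array();		// List of group_id's in the order they are processed.

	var $OS='';							// Set to 'WIN', if windows
	var $TSdataArray=array();			// Used to accumulate the TSconfig data of the user
	var $userTS_text = '';				// Contains the non-parsed user TSconfig
	var $userTS = array();				// Contains the parsed user TSconfig
	var $userTSUpdated=0;				// Set internally if the user TSconfig was parsed and needs to be cached.
	var $userTS_dontGetCached=0;		// Set this from outside if you want the user TSconfig to ALWAYS be parsed and not fetched from cache.

	var $RTE_errors = array();			// RTE availability errors collected.
	var $errorMsg = '';					// Contains last error message



	/************************************
	 *
	 * Permission checking functions:
	 *
	 ************************************/

	/**
	 * Tells whether the current user record has the admin flag set.
	 * Only bit 1 of $this->user['admin'] is evaluated.
	 *
	 * @return	boolean		TRUE if the admin bit is set.
	 */
	function isAdmin()	{
		return (($this->user['admin']&1) ==1);
	}

	/**
	 * Tells whether the group uid is found in $this->groupList.
	 *
	 * @param	integer		Group uid; forced to integer before the lookup.
	 * @return	mixed		The inList() result (a non-empty string on a match, FALSE otherwise). Nothing (NULL) is returned when the group list is empty or the id is zero.
	 */
	function isMemberOfGroup($groupId)	{
		$groupId = intval($groupId);
		if ($this->groupList && $groupId)	{
			return $this->inList($this->groupList, $groupId);
		}
	}

	/**
	 * Checks that every permission bit in $perms is present in the permissions
	 * calcPerms() computes for the row.
	 *
	 * @param	array		Record row with the perms_* fields read by calcPerms().
	 * @param	integer		Bitmask of the permissions required.
	 * @return	boolean		TRUE if all requested bits are granted.
	 */
	function doesUserHaveAccess($row,$perms)	{
		$userPerms = $this->calcPerms($row);
		return ($userPerms & $perms)==$perms;
	}

	/**
	 * Checks whether a page id lies within the user's DB mounts by looking for a
	 * mounted uid in the rootline of the page.
	 *
	 * The check is skipped (returns 1) for admin users and whenever
	 * $TYPO3_CONF_VARS['BE']['lockBeUserToDBmounts'] is not set.
	 *
	 * @param	integer		Page id; forced to integer.
	 * @param	string		SQL clause limiting the rootline lookup; defaults to getPagePermsClause(1).
	 * @param	boolean		If set, an error is printed and the script exits when the page is outside the mounts.
	 * @return	mixed		1 when the check does not apply, else the uid of the mounted rootline page. Nothing (NULL) is returned when the page is outside the mounts.
	 */
	function isInWebMount($id,$readPerms='',$exitOnError=0)	{
		if (!$GLOBALS['TYPO3_CONF_VARS']['BE']['lockBeUserToDBmounts'] || $this->isAdmin())	return 1;
		$id = intval($id);
		if (!$readPerms)	$readPerms = $this->getPagePermsClause(1);
		if ($id>0)	{
			$wM = $this->returnWebmounts();
			$rL = t3lib_BEfunc::BEgetRootLine($id,' AND '.$readPerms);

			foreach($rL as $v)	{
				if ($v['uid'] && in_array($v['uid'],$wM))	{
					return $v['uid'];
				}
			}
		}
		if ($exitOnError)	{
			t3lib_BEfunc::typo3PrintError ('Access Error','This page is not within your DB-mounts',0);
			exit;
		}
	}

	/**
	 * Checks access to a backend module described by its configuration array.
	 *
	 * @param	array		Module configuration; the keys 'name' and 'access' are read.
	 * @param	boolean		If set, an error is printed and the script exits instead of returning a negative result.
	 * @return	mixed		FALSE if the module is not enabled, TRUE if no access restriction applies or the user is admin, else the result of check('modules', name).
	 */
	function modAccess($conf,$exitOnError)	{
		if (!t3lib_BEfunc::isModuleSetInTBE_MODULES($conf['name']))	{
			if ($exitOnError)	{
				t3lib_BEfunc::typo3PrintError ('Fatal Error','This module "'.$conf['name'].'" is not enabled in TBE_MODULES',0);
				exit;
			}
			return false;
		}

			// Returns true if conf[access] is not set at all or if the user is admin
		if (!$conf['access'] || $this->isAdmin())	return true;

			// Deny by default: $acs used to be undefined when the module is admin-only (or has no name)
			// and a non-admin user asked for it. The outcome was a denial, but only by accident.
		$acs = false;

			// If $conf['access'] is set but not with 'admin' then we return true, if the module is found in the modList
		if (!strstr($conf['access'],'admin') && $conf['name'])	{
			$acs = $this->check('modules',$conf['name']);
		}
		if (!$acs && $exitOnError)	{
			t3lib_BEfunc::typo3PrintError ('Access Error','You don\'t have access to this module.',0);
			exit;
		} else return $acs;
	}

	/**
	 * Builds the WHERE fragment that selects pages on which the user holds the
	 * permission bits in $perms, through "everybody", the owner or a group.
	 *
	 * @param	integer		Permission bitmask; forced to integer.
	 * @return	string		' 1=1' for admin users, ' 1=0' when no user record is loaded, else the permission clause.
	 */
	function getPagePermsClause($perms)	{
		if (is_array($this->user))	{
			if ($this->isAdmin())	{
				return ' 1=1';
			}

			$perms = intval($perms);	// Make sure it's integer.
				// The user uid is cast as well, so that nothing but integers is concatenated into the clause.
				// $this->groupList is inserted as it is; it is expected to be the integer list built in fetchGroupData().
			$str= ' ('.
				'(pages.perms_everybody & '.$perms.' = '.$perms.')'.	// Everybody
				'OR(pages.perms_userid = '.intval($this->user['uid']).' AND pages.perms_user & '.$perms.' = '.$perms.')';	// User
			if ($this->groupList){$str.='OR(pages.perms_groupid in ('.$this->groupList.') AND pages.perms_group & '.$perms.' = '.$perms.')';}	// Group (if any is set)
			$str.=')';
			return $str;
		} else {
			return ' 1=0';
		}
	}

	/**
	 * Computes the permission bitmask the user holds on a page row.
	 *
	 * All five perms_* fields must be set in the row (and $this->groupList must be
	 * set), otherwise no permission at all is granted.
	 *
	 * @param	array		Page row with perms_userid, perms_user, perms_groupid, perms_group and perms_everybody.
	 * @return	integer		31 for admin users, else the OR of the owner, group and everybody bits that apply.
	 */
	function calcPerms($row)	{
		if ($this->isAdmin()) {return 31;}		// Return 31 for admin users.

		$out=0;
		if (isset($row['perms_userid']) && isset($row['perms_user']) && isset($row['perms_groupid']) && isset($row['perms_group']) && isset($row['perms_everybody']) && isset($this->groupList))	{
			if ($this->user['uid']==$row['perms_userid'])	{
				$out|=$row['perms_user'];
			}
			if ($this->isMemberOfGroup($row['perms_groupid']))	{
				$out|=$row['perms_group'];
			}
			$out|=$row['perms_everybody'];
		}
		return $out;
	}

	/**
	 * Tells whether the Rich Text Editor is available for the user.
	 * The reasons for a negative answer are collected in $this->RTE_errors.
	 *
	 * @return	boolean		TRUE if no error was collected.
	 */
	function isRTE()	{
			// Start:
		$this->RTE_errors = array();
		if (!$this->uc['edit_RTE'])
			$this->RTE_errors[] = 'RTE is not enabled for user!';
		if (!$GLOBALS['TYPO3_CONF_VARS']['BE']['RTEenabled'])
			$this->RTE_errors[] = 'RTE is not enabled in $TYPO3_CONF_VARS["BE"]["RTEenabled"]';


			// Acquire RTE object:
		$RTE = &t3lib_BEfunc::RTEgetObj();
		if (!is_object($RTE))	{
				// A non-object result is merged into the error list, i.e. it is treated as an array of messages.
			$this->RTE_errors = array_merge($this->RTE_errors, $RTE);
		}

		if (!count($this->RTE_errors))	{
			return TRUE;
		} else {
			return FALSE;
		}
	}

	/**
	 * Checks whether $value is listed in $this->groupData[$type].
	 * Admin users pass for every type that exists in groupData.
	 *
	 * @param	string		Key in $this->groupData holding a comma list.
	 * @param	string		Value to look for in that list.
	 * @return	mixed		1 on success. Nothing (NULL) is returned when the type is unknown or the value is not listed.
	 */
	function check($type,$value)	{
		if (isset($this->groupData[$type]))	{
			if ($this->isAdmin() || $this->inList($this->groupData[$type],$value))	{
				return 1;
			}
		}
	}

	/**
	 * Checks a field value against the explicit allow/deny list of the user
	 * ($this->groupData['explicit_allowdeny']).
	 *
	 * The list entries have the form "table:field:value:ALLOW" or "...:DENY".
	 *
	 * @param	string		Table name.
	 * @param	string		Field name.
	 * @param	string		Field value to test.
	 * @param	string		Mode: 'explicitAllow', 'explicitDeny' or 'individual'. Any other mode lets the value pass.
	 * @return	boolean		TRUE if the value is allowed.
	 */
	function checkAuthMode($table,$field,$value,$authMode)	{
		global $TCA;

			// Admin users can do anything:
		if ($this->isAdmin())	return TRUE;

			// Allow all blank values:
		if (!strcmp($value,''))	return TRUE;

			// Certain characters are not allowed in the value.
			// They are the separators of the allow/deny list, so a value containing them could match a different entry.
			// preg_match() is used because the POSIX ereg() functions are not binary safe: a NUL byte in the value
			// would end the scan before a separator placed after it.
		if (preg_match('/[:|,]/',$value))	{
			return FALSE;
		}

			// Initialize:
		$testValue = $table.':'.$field.':'.$value;
		$out = TRUE;

			// Checking value:
		switch((string)$authMode)	{
			case 'explicitAllow':
				if (!$this->inList($this->groupData['explicit_allowdeny'],$testValue.':ALLOW'))	{
					$out = FALSE;
				}
			break;
			case 'explicitDeny':
				if ($this->inList($this->groupData['explicit_allowdeny'],$testValue.':DENY'))	{
					$out = FALSE;
				}
			break;
			case 'individual':
				t3lib_div::loadTCA($table);
				if (is_array($TCA[$table]) && is_array($TCA[$table]['columns'][$field]))	{
					$items = $TCA[$table]['columns'][$field]['config']['items'];
					if (is_array($items))	{
						foreach($items as $iCfg)	{
								// Index 1 of an item is compared with the value, index 4 carries the per-item mode.
							if (!strcmp($iCfg[1],$value) && $iCfg[4])	{
								switch((string)$iCfg[4])	{
									case 'EXPL_ALLOW':
										if (!$this->inList($this->groupData['explicit_allowdeny'],$testValue.':ALLOW'))	{
											$out = FALSE;
										}
									break;
									case 'EXPL_DENY':
										if ($this->inList($this->groupData['explicit_allowdeny'],$testValue.':DENY'))	{
											$out = FALSE;
										}
									break;
								}
								break;
							}
						}
					}
				}
			break;
		}

		return $out;
	}

	/**
	 * Checks whether the user may work with records of the given language.
	 *
	 * @param	integer		Language value; forced to integer. -1 stands for "all languages".
	 * @return	boolean		TRUE if the language is allowed.
	 */
	function checkLanguageAccess($langValue)	{
		if (strcmp($this->groupData['allowed_languages'],''))	{	// The users language list must be non-blank - otherwise all languages are allowed.
			$langValue = intval($langValue);
			if ($langValue != -1 && !$this->check('allowed_languages',$langValue))	{	// Language must either be explicitly allowed OR the lang Value be "-1" (all languages)
				return FALSE;
			}
		}
		return TRUE;
	}

	/**
	 * Checks the record-internal edit restrictions: language, strictly enforced
	 * authMode fields and the "editlock" field. The reason for a refusal is left
	 * in $this->errorMsg.
	 *
	 * @param	string		Table name.
	 * @param	mixed		Record uid, or the record row as an array.
	 * @return	boolean		TRUE if editing is allowed, FALSE if a check failed. Nothing (NULL) is returned for a table that is not in $TCA.
	 */
	function recordEditAccessInternals($table,$idOrRow)	{
		global $TCA;

		if (isset($TCA[$table]))	{
			t3lib_div::loadTCA($table);

				// Always return true for Admin users.
			if ($this->isAdmin())	return TRUE;

				// Fetching the record if the $idOrRow variable was not an array on input:
			if (!is_array($idOrRow))	{
				$idOrRow = t3lib_BEfunc::getRecord($table, $idOrRow);
				if (!is_array($idOrRow))	{
					$this->errorMsg = 'ERROR: Record could not be fetched.';
					return FALSE;
				}
			}

				// Checking languages:
			if ($TCA[$table]['ctrl']['languageField'])	{
				if (isset($idOrRow[$TCA[$table]['ctrl']['languageField']]))	{	// Language field must be found in input row - otherwise it does not make sense.
					if (!$this->checkLanguageAccess($idOrRow[$TCA[$table]['ctrl']['languageField']]))	{
						$this->errorMsg = 'ERROR: Language was not allowed.';
						return FALSE;
					}
				}
			}

				// Checking authMode fields:
				// Only fields that are present in the row are checked, and only when authMode_enforce is 'strict'.
			if (is_array($TCA[$table]['columns']))	{
				foreach($TCA[$table]['columns'] as $fN => $fV)	{
					if (isset($idOrRow[$fN]))	{
						if ($fV['config']['type']=='select' && $fV['config']['authMode'] && !strcmp($fV['config']['authMode_enforce'],'strict')) {
							if (!$this->checkAuthMode($table,$fN,$idOrRow[$fN],$fV['config']['authMode']))	{
								$this->errorMsg = 'ERROR: authMode "'.$fV['config']['authMode'].'" failed for field "'.$fN.'" with value "'.$idOrRow[$fN].'" evaluated';
								return FALSE;
							}
						}
					}
				}
			}

				// Checking "editlock" feature
			if ($TCA[$table]['ctrl']['editlock'] && $idOrRow[$TCA[$table]['ctrl']['editlock']])	{
				$this->errorMsg = 'ERROR: Record was locked for editing. Only admin users can change this state.';
				return FALSE;
			}

				// Checking record permissions
				// THIS is where we can include a check for "perms_" fields for other records than pages...

				// Finally, return true if all is well.
			return TRUE;
		}
	}

	/**
	 * Tests a calculated permission bitmask for one operation.
	 *
	 * For the table "pages": 'edit' needs bit 2, 'new' bit 8 or 16, 'delete' bit 4
	 * and 'editcontent' bit 16. For every other table bit 16 is tested.
	 *
	 * @param	integer		Permission bitmask, e.g. from calcPerms().
	 * @param	string		Table name.
	 * @param	string		Operation for "pages": 'edit', 'new', 'delete' or 'editcontent'.
	 * @return	mixed		TRUE for admin users, else the (integer or boolean) result of the bit test. Nothing (NULL) is returned for "pages" with an unknown type.
	 */
	function isPSet($lCP,$table,$type='')	{
		if ($this->isAdmin())	return true;
		if ($table=='pages')	{
			if ($type=='edit')	return $lCP & 2;
			if ($type=='new')	return ($lCP & 8) || ($lCP & 16);	// Create new page OR pagecontent
			if ($type=='delete')	return $lCP & 4;
			if ($type=='editcontent')	return $lCP & 16;
		} else {
			return $lCP & 16;
		}
	}

	/**
	 * Tells whether the user may create shortcuts, according to the user TSconfig
	 * values "options.shortcutFrame" and "options.mayNotCreateEditShortcuts".
	 *
	 * @return	boolean		TRUE if shortcuts may be created.
	 */
	function mayMakeShortcut()	{
		return $this->getTSConfigVal('options.shortcutFrame') && !$this->getTSConfigVal('options.mayNotCreateEditShortcuts');
	}



	/*************************************
	 *
	 * Miscellaneous functions
	 *
	 *************************************/

	/**
	 * Looks up an object path such as "options.shortcutFrame" in the parsed user
	 * TSconfig. The function calls itself for every further level of the path.
	 *
	 * @param	string		Object path, levels separated by dots.
	 * @param	array		TSconfig array to search; defaults to $this->userTS.
	 * @return	array		Array with the keys 'value' and 'properties', or an empty array if the path could not be followed.
	 */
	function getTSConfig($objectString,$config='')	{
		if (!is_array($config))	{
			$config=$this->userTS;	// Getting Root-ts if not sent
		}
		$TSConf=array();
		$parts = explode('.',$objectString,2);
		$key = $parts[0];
		if (trim($key))	{
			if (count($parts)>1 && trim($parts[1]))	{
					// Go on, get the next level
				if (is_array($config[$key.'.']))	$TSConf = $this->getTSConfig($parts[1],$config[$key.'.']);
			} else {
				$TSConf['value']=$config[$key];
				$TSConf['properties']=$config[$key.'.'];
			}
		}
		return $TSConf;
	}

	/**
	 * Returns the 'value' part of getTSConfig() for the object path.
	 *
	 * @param	string		Object path.
	 * @return	mixed		The value found, if any.
	 */
	function getTSConfigVal($objectString)	{
		$TSConf = $this->getTSConfig($objectString);
		return $TSConf['value'];
	}

	/**
	 * Returns the 'properties' part of getTSConfig() for the object path.
	 *
	 * @param	string		Object path.
	 * @return	mixed		The properties found, if any.
	 */
	function getTSConfigProp($objectString)	{
		$TSConf = $this->getTSConfig($objectString);
		return $TSConf['properties'];
	}

	/**
	 * Tests whether an item is an element of a comma list.
	 *
	 * The test is a substring search for ",item," in ",list,". An item that itself
	 * contains a comma can therefore match across two neighbouring elements;
	 * callers have to rule such items out (checkAuthMode() does).
	 *
	 * @param	string		Comma list.
	 * @param	string		Item to look for.
	 * @return	mixed		The strstr() result: a non-empty string on a match, else FALSE.
	 */
	function inList($in_list,$item)	{
		return strstr(','.$in_list.',', ','.$item.',');
	}

	/**
	 * Returns the DB mounts of the user as an array.
	 *
	 * @return	array		Elements of $this->groupData['webmounts'], or an empty array if that list is blank.
	 */
	function returnWebmounts()	{
		return (string)($this->groupData['webmounts'])!='' ? explode(',',$this->groupData['webmounts']) : Array();
	}

	/**
	 * Returns the file mounts registered by addFileMount().
	 *
	 * @return	array		$this->groupData['filemounts']
	 */
	function returnFilemounts()	{
		return $this->groupData['filemounts'];
	}



	/*************************************
	 *
	 * Authentication methods
	 *
	 *************************************/

	/**
	 * Collects everything the permission checks rely on, for the current user:
	 * access lists, DB and file mounts, the group list and the user TSconfig.
	 * Nothing is done unless $this->user['uid'] is set.
	 *
	 * The result is written to $this->groupData, $this->userTS, $this->userGroupsUID
	 * and $this->groupList; the group list is also stored via setCachedList().
	 *
	 * @return	void
	 */
	function fetchGroupData()	{
		if ($this->user['uid'])	{

				// Get lists for the be_user record and set them as default/primary values.
			$this->dataLists['modList'] = $this->user['userMods'];					// Enabled Backend Modules
			$this->dataLists['allowed_languages'] = $this->user['allowed_languages'];	// Add Allowed Languages
			$this->dataLists['webmount_list'] = $this->user['db_mountpoints'];		// Database mountpoints
			$this->dataLists['filemount_list'] = $this->user['file_mountpoints'];	// File mountpoints

				// Setting default User TSconfig:
			$this->TSdataArray[]=$this->addTScomment('From $GLOBALS["TYPO3_CONF_VARS"]["BE"]["defaultUserTSconfig"]:').
									$GLOBALS['TYPO3_CONF_VARS']['BE']['defaultUserTSconfig'];

				// Default TSconfig for admin-users
				// realName and email are written into the TSconfig text without escaping. This branch is only
				// reached for admin users.
			if ($this->isAdmin())	{
				$this->TSdataArray[]=$this->addTScomment('"admin" user presets:').'
					admPanel.enable.all = 1
					options.shortcutFrame = 1
				';
				if (t3lib_extMgm::isLoaded('tt_news'))	{
					$this->TSdataArray[]='
						// Setting defaults for tt_news author / email...
						TCAdefaults.tt_news.author = '.$this->user['realName'].'
						TCAdefaults.tt_news.author_email = '.$this->user['email'].'
					';
				}
				if (t3lib_extMgm::isLoaded('sys_note'))	{
					$this->TSdataArray[]='
						// Setting defaults for sys_note author / email...
						TCAdefaults.sys_note.author = '.$this->user['realName'].'
						TCAdefaults.sys_note.email = '.$this->user['email'].'
					';
				}
			}

				// FILE MOUNTS:
				// Admin users has the base fileadmin dir mounted
			if ($this->isAdmin() && $GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'])	{
				$this->addFileMount($GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'], '', PATH_site.$GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'], 0, '');
			}

				// If userHomePath is set, we attempt to mount it
			if ($GLOBALS['TYPO3_CONF_VARS']['BE']['userHomePath'])	{
					// First try and mount with [uid]_[username]
				$didMount=$this->addFileMount($this->user['username'], '',$GLOBALS['TYPO3_CONF_VARS']['BE']['userHomePath'].$this->user['uid'].'_'.$this->user['username'].$GLOBALS['TYPO3_CONF_VARS']['BE']['userUploadDir'], 0, 'user');
				if (!$didMount)	{
						// If that failed, try and mount with only [uid]
					$this->addFileMount($this->user['username'], '', $GLOBALS['TYPO3_CONF_VARS']['BE']['userHomePath'].$this->user['uid'].$GLOBALS['TYPO3_CONF_VARS']['BE']['userUploadDir'], 0, 'user');
				}
			}

				// BE_GROUPS:
				// Get the groups...
#			$grList = t3lib_BEfunc::getSQLselectableList($this->user[$this->usergroup_column],$this->usergroup_table,$this->usergroup_table);
			$grList = $GLOBALS['TYPO3_DB']->cleanIntList($this->user[$this->usergroup_column]);	// 240203: Since the group-field never contains any references to groups with a prepended table name we think it's safe to just intExplode and re-implode - which should be much faster than the other function call.
			if ($grList)	{
					// Fetch groups will add a lot of information to the internal arrays: modules, accesslists, TSconfig etc. Refer to fetchGroups() function.
				$this->fetchGroups($grList);
			}

				// Add the TSconfig for this specific user:
			$this->TSdataArray[] = $this->addTScomment('USER TSconfig field').$this->user['TSconfig'];
				// Check include lines.
			$this->TSdataArray = t3lib_TSparser::checkIncludeLines_array($this->TSdataArray);

				// Parsing the user TSconfig (or getting from cache)
			$this->userTS_text = implode(chr(10).'[GLOBAL]'.chr(10),$this->TSdataArray);	// Imploding with "[global]" will make sure that non-ended confinements with braces are ignored.
			$hash = md5('userTS:'.$this->userTS_text);	// Cache key only, not a security boundary
			$cachedContent = t3lib_BEfunc::getHash($hash,0);
			if (isset($cachedContent) && !$this->userTS_dontGetCached)	{
					// NOTE(review): unserialize() of stored cache content. The parsed TSconfig that comes out of it
					// drives permission decisions, so the hash storage has to be writable by trusted code only.
				$this->userTS = unserialize($cachedContent);
			} else {
				$parseObj = t3lib_div::makeInstance('t3lib_TSparser');
				$parseObj->parse($this->userTS_text);
				$this->userTS = $parseObj->setup;
				t3lib_BEfunc::storeHash($hash,serialize($this->userTS),'BE_USER_TSconfig');
					// Update UC:
				$this->userTSUpdated=1;
			}

				// Processing webmounts
			if ($this->isAdmin() && !$this->getTSConfigVal('options.dontMountAdminMounts'))	{	// Admin's always have the root mounted
				$this->dataLists['webmount_list']='0,'.$this->dataLists['webmount_list'];
			}

				// Processing filemounts
			$this->dataLists['filemount_list'] = t3lib_div::uniqueList($this->dataLists['filemount_list']);
			if ($this->dataLists['filemount_list'])	{
					// The list is assembled from the file_mountpoints fields of the user and group records.
					// It is reduced to integers before it becomes part of the WHERE clause.
				$filemountUidList = $GLOBALS['TYPO3_DB']->cleanIntList($this->dataLists['filemount_list']);
				$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', 'sys_filemounts', 'NOT deleted AND NOT hidden AND pid=0 AND uid IN ('.$filemountUidList.')');
				while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res))	{
					$this->addFileMount($row['title'], $row['path'], $row['path'], $row['base']?1:0, '');
				}
			}

				// The lists are cleaned for duplicates
			$this->groupData['webmounts'] = t3lib_div::uniqueList($this->dataLists['webmount_list']);
			$this->groupData['pagetypes_select'] = t3lib_div::uniqueList($this->dataLists['pagetypes_select']);
			$this->groupData['tables_select'] = t3lib_div::uniqueList($this->dataLists['tables_modify'].','.$this->dataLists['tables_select']);
			$this->groupData['tables_modify'] = t3lib_div::uniqueList($this->dataLists['tables_modify']);
			$this->groupData['non_exclude_fields'] = t3lib_div::uniqueList($this->dataLists['non_exclude_fields']);
			$this->groupData['explicit_allowdeny'] = t3lib_div::uniqueList($this->dataLists['explicit_allowdeny']);
			$this->groupData['allowed_languages'] = t3lib_div::uniqueList($this->dataLists['allowed_languages']);
			$this->groupData['custom_options'] = t3lib_div::uniqueList($this->dataLists['custom_options']);
			$this->groupData['modules'] = t3lib_div::uniqueList($this->dataLists['modList']);

				// populating the $this->userGroupsUID -array with the groups in the order in which they were LAST included.!!
			$this->userGroupsUID = array_reverse(array_unique(array_reverse($this->includeGroupArray)));

				// Finally this is the list of group_uid's in the order they are parsed (including subgroups!) and without duplicates (duplicates are presented with their last entrance in the list, which thus reflects the order of the TypoScript in TSconfig)
			$this->groupList = implode(',',$this->userGroupsUID);
			$this->setCachedList($this->groupList);
		}
	}

	/**
	 * Loads the group records in $grList and adds their TSconfig, mounts and access
	 * lists to the internal arrays. Subgroups are processed first, by recursion.
	 *
	 * Groups that are deleted, hidden, not on pid 0 or locked to a domain other than
	 * the current host are left out by the query.
	 *
	 * @param	string		Comma list of group uids; reduced to integers here.
	 * @param	string		Comma list of the group uids already being processed further up in the recursion; a group found in it is skipped, which ends circular subgroup references.
	 * @return	void
	 */
	function fetchGroups($grList,$idList='')	{

			// The list goes into the WHERE clause and is therefore reduced to integers, whoever the caller is.
		$grList = $GLOBALS['TYPO3_DB']->cleanIntList($grList);

			// Fetching records of the groups in $grList (which are not blocked by lockedToDomain either):
			// HTTP_HOST originates from the request, so it is escaped before it is placed in the SQL string.
		$hostName = $GLOBALS['TYPO3_DB']->quoteStr(t3lib_div::getIndpEnv('HTTP_HOST'), $this->usergroup_table);
		$lockToDomain_SQL = ' AND (lockToDomain=\'\' OR lockToDomain=\''.$hostName.'\')';
		$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', $this->usergroup_table, 'NOT deleted AND NOT hidden AND pid=0 AND uid IN ('.$grList.')'.$lockToDomain_SQL);

			// The userGroups array is filled
		while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res))	{
			$this->userGroups[$row['uid']] = $row;
		}

			// Traversing records in the correct order
		$include_staticArr = t3lib_div::intExplode(',',$grList);
		foreach($include_staticArr as $uid)	{	// traversing list

				// Get row:
			$row=$this->userGroups[$uid];
			if (is_array($row) && !t3lib_div::inList($idList,$uid))	{	// Must be an array and $uid should not be in the idList, because then it is somewhere previously in the grouplist

					// Include sub groups
				if (trim($row['subgroup']))	{
					$theList = implode(',',t3lib_div::intExplode(',',$row['subgroup']));	// Make integer list
					$this->fetchGroups($theList, $idList.','.$uid);		// Call recursively, pass along list of already processed groups so they are not recursed again.
				}
					// Add the group uid, current list, TSconfig to the internal arrays.
				$this->includeGroupArray[]=$uid;
				$this->includeHierarchy[]=$idList;
				$this->TSdataArray[] = $this->addTScomment('Group "'.$row['title'].'" ['.$row['uid'].'] TSconfig field:').$row['TSconfig'];

					// Mount group database-mounts
				if (($this->user['options']&1) == 1)	{	$this->dataLists['webmount_list'].= ','.$row['db_mountpoints'];	}

					// Mount group file-mounts
				if (($this->user['options']&2) == 2)	{	$this->dataLists['filemount_list'].= ','.$row['file_mountpoints'];	}

					// Mount group home-dirs
				if (($this->user['options']&2) == 2)	{
						// If groupHomePath is set, we attempt to mount it
					if ($GLOBALS['TYPO3_CONF_VARS']['BE']['groupHomePath'])	{
						$this->addFileMount($row['title'], '', $GLOBALS['TYPO3_CONF_VARS']['BE']['groupHomePath'].$row['uid'], 0, 'group');
					}
				}

					// The lists are made: groupMods, tables_select, tables_modify, pagetypes_select, non_exclude_fields, explicit_allowdeny, allowed_languages, custom_options
				if ($row['inc_access_lists']==1)	{
					$this->dataLists['modList'].= ','.$row['groupMods'];
					$this->dataLists['tables_select'].= ','.$row['tables_select'];
					$this->dataLists['tables_modify'].= ','.$row['tables_modify'];
					$this->dataLists['pagetypes_select'].= ','.$row['pagetypes_select'];
					$this->dataLists['non_exclude_fields'].= ','.$row['non_exclude_fields'];
					$this->dataLists['explicit_allowdeny'].= ','.$row['explicit_allowdeny'];
					$this->dataLists['allowed_languages'].= ','.$row['allowed_languages'];
					$this->dataLists['custom_options'].= ','.$row['custom_options'];
				}
					// If this function is processing the users OWN group-list (not subgroups) AND if the ->firstMainGroup is not set, then the ->firstMainGroup will be set.
					// NOTE(review): firstMainGroup is not declared among the properties of this class - confirm where it is defined.
				if (!strcmp($idList,'') && !$this->firstMainGroup)	{
					$this->firstMainGroup=$uid;
				}
			}
		}

	}

	/**
	 * Writes the group list to be_users.usergroup_cached_list of the current user,
	 * but only if it differs from the value in the loaded user record.
	 *
	 * @param	string		Comma list of group uids.
	 * @return	void
	 */
	function setCachedList($cList)	{
		if ((string)$cList != (string)$this->user['usergroup_cached_list'])	{
			$GLOBALS['TYPO3_DB']->exec_UPDATEquery('be_users', 'uid='.intval($this->user['uid']), array('usergroup_cached_list' => $cList));
		}
	}

	/**
	 * Registers a file mount in $this->groupData['filemounts'].
	 *
	 * The mount is accepted only if the resulting path is an existing directory and
	 * begins with either $TYPO3_CONF_VARS['BE']['lockRootPath'] (when set) or the
	 * absolute fileadmin directory. That test works on the path string; no
	 * realpath() is applied in this method, so what a symbolic link inside the
	 * allowed tree points to is not evaluated here.
	 *
	 * @param	string		Title of the mount.
	 * @param	string		Title used when $title is empty.
	 * @param	string		Path; relative to the fileadmin directory if $webspace is set, else absolute.
	 * @param	boolean		If set, the path is taken relative to PATH_site + fileadminDir.
	 * @param	string		Type label stored with the mount (the callers in this class pass '', 'user' or 'group').
	 * @return	mixed		1 if the mount was added, FALSE if a relative mount was requested without fileadminDir. Nothing (NULL) is returned when the path was rejected.
	 */
	function addFileMount($title, $altTitle, $path, $webspace, $type)	{
			// Return false if fileadminDir is not set and we try to mount a relative path
		if ($webspace && !$GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'])	return false;

			// Trimming and pre-processing
		$path=trim($path);
		if ($this->OS=='WIN')	{		// with WINDOWS convert backslash to slash!!
			$path=str_replace('\\','/',$path);
		}
			// If the path is true and validates as a valid path string:
		if ($path && t3lib_div::validPathStr($path))	{
				// these lines remove all slashes and dots before and after the path
				// PCRE replaces the former ereg_replace() calls. The character class is kept equivalent: in the
				// POSIX bracket expression the backslash was a literal, so backslashes are stripped here as well.
			$path=preg_replace('#^[\\\\/. ]*#','',$path);
			$path=trim(preg_replace('#[\\\\/. ]*\z#','',$path));


			if ($path)	{	// there must be some chars in the path
				$fdir=PATH_site.$GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'];	// fileadmin dir, absolute
				if ($webspace)	{
					$path=$fdir.$path;	// PATH_site + fileadmin dir is prepended
				} else {
					if ($this->OS!='WIN')	{		// with WINDOWS no prepending!!
						$path='/'.$path;	// root-level is the start...
					}
				}
				$path.='/';

					// We now have a path with slash after and slash before (if unix)
				if (@is_dir($path) &&
					(($GLOBALS['TYPO3_CONF_VARS']['BE']['lockRootPath'] && t3lib_div::isFirstPartOfStr($path,$GLOBALS['TYPO3_CONF_VARS']['BE']['lockRootPath'])) || t3lib_div::isFirstPartOfStr($path,$fdir)))	{
						// Alternative title?
					$name = $title ? $title : $altTitle;
						// Adds the filemount. The same filemount with same name, type and path cannot be set up twice because of the hash string used as key.
					$this->groupData['filemounts'][md5($name.'|'.$path.'|'.$type)] = Array('name'=>$name, 'path'=>$path, 'type'=>$type);
						// Return true - went well, success!
					return 1;
				}
			}
		}
	}

	/**
	 * Formats a text as a TSconfig comment block: a delimiter line, every line of
	 * the text prefixed with "# ", and a closing delimiter line.
	 *
	 * @param	string		Comment text, possibly with several lines.
	 * @return	string		The comment block, ending with a line break.
	 */
	function addTScomment($str)	{
		$delimiter = '# ***********************************************';

		$out = $delimiter.chr(10);
		$lines = t3lib_div::trimExplode(chr(10),$str);
		foreach($lines as $v)	{
			$out.= '# '.$v.chr(10);
		}
		$out.= $delimiter.chr(10);
		return $out;
	}



	/************************************
	 *
	 * Logging
	 *
	 ************************************/

	/**
	 * Inserts an entry in the sys_log table.
	 *
	 * The entry records the uid of the current user, the remote address and
	 * $GLOBALS['EXEC_TIME'] along with the arguments. All numeric arguments are
	 * forced to integers; $data is stored serialized in the field log_data.
	 *
	 * @param	integer		Value for the field "type".
	 * @param	integer		Value for the field "action".
	 * @param	integer		Value for the field "error".
	 * @param	integer		Value for the field "details_nr".
	 * @param	string		Message text; checkLogFailures() uses it as a sprintf() format for the elements of $data.
	 * @param	array		Data belonging to the message.
	 * @param	string		Value for the field "tablename".
	 * @param	integer		Value for the field "recuid".
	 * @param	integer		Value for the field "recpid".
	 * @param	integer		Value for the field "event_pid".
	 * @param	string		Value for the field "NEWid".
	 * @return	integer		The insert id reported by the database for the new row.
	 */
	function writelog($type,$action,$error,$details_nr,$details,$data,$tablename='',$recuid='',$recpid='',$event_pid=-1,$NEWid='') {

		$fields_values = Array (
			'userid' => intval($this->user['uid']),
			'type' => intval($type),
			'action' => intval($action),
			'error' => intval($error),
			'details_nr' => intval($details_nr),
			'details' => $details,
			'log_data' => serialize($data),
			'tablename' => $tablename,
			'recuid' => intval($recuid),
			'recpid' => intval($recpid),
			'IP' => t3lib_div::getIndpEnv('REMOTE_ADDR'),
			'tstamp' => $GLOBALS['EXEC_TIME'],
			'event_pid' => intval($event_pid),
			'NEWid' => $NEWid
		);

		$GLOBALS['TYPO3_DB']->exec_INSERTquery('sys_log', $fields_values);
		return $GLOBALS['TYPO3_DB']->sql_insert_id();
	}

	/**
	 * Sends a warning mail when more than $max failed logins are found in sys_log.
	 *
	 * Failed logins are the entries with type=255, action=3 and error!=0. They are
	 * counted from the most recent warning (type=255, action=4) within the period,
	 * or from the start of the period if there is none. Sending a warning is itself
	 * logged with action=4, so that the same failures are not reported twice.
	 *
	 * @param	string		Recipient address; nothing is done if it is empty.
	 * @param	integer		Length of the period looked back on, in seconds.
	 * @param	integer		Number of failures that is tolerated.
	 * @return	void
	 */
	function checkLogFailures($email, $secondsBack=3600, $max=3)	{
		if ($email)	{

				// get last flag set in the log for sending
			$theTimeBack = time()-$secondsBack;
			$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
							'tstamp',
							'sys_log',
							'type=255 AND action=4 AND tstamp>'.intval($theTimeBack),
							'',
							'tstamp DESC',
							'1'
						);
			if ($testRow = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res))	{
				$theTimeBack = $testRow['tstamp'];
			}

				// Check for more than $max number of error failures with the last period.
			$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
							'*',
							'sys_log',
							'type=255 AND action=3 AND error!=0 AND tstamp>'.intval($theTimeBack),
							'',
							'tstamp'
						);
			$failureCount = $GLOBALS['TYPO3_DB']->sql_num_rows($res);
			if ($failureCount > $max)	{
					// OK, so there were more than the max allowed number of login failures - so we will send an email then.
				$subject = 'TYPO3 Login Failure Warning (at '.$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'].')';
				$email_body = '
There has been numerous attempts ('.$failureCount.') to login at the TYPO3
site "'.$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'].'" ('.t3lib_div::getIndpEnv('HTTP_HOST').').

This is a dump of the failures:

';
				while($testRows = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res))	{
						// NOTE(review): unserialize() of the log_data field. The field is written by writelog(), but
						// the call can instantiate objects if a row was written by anything else.
					$theData = unserialize($testRows['log_data']);
						// The details text is the sprintf() format; @ silences the warning for a format that does not fit.
					$email_body.=date($GLOBALS['TYPO3_CONF_VARS']['SYS']['ddmmyy'].' H:i',$testRows['tstamp']).':  '.@sprintf($testRows['details'],''.$theData[0],''.$theData[1],''.$theData[2]);
					$email_body.=chr(10);
				}
				mail(	$email,
						$subject,
						$email_body,
						'From: TYPO3 Login WARNING<>'
				);
				$this->writelog(255,4,0,3,'Failure warning (%s failures within %s seconds) sent by email to %s',Array($failureCount,$secondsBack,$email));	// Logout written to log
			}
		}
	}
}


	// Loads the extension class (XCLASS) for this file, if one is configured.
	// The included path is read from $TYPO3_CONF_VARS, i.e. from the installation's configuration.
if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_userauthgroup.php'])	{
	include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_userauthgroup.php']);
}
?>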