Documentation TYPO3 par Ameos

class.t3lib_userauthgroup.php

00001 <?php
00002 /***************************************************************
00003 *  Copyright notice
00004 *
00005 *  (c) 1999-2005 Kasper Skaarhoj (kasperYYYY@typo3.com)
00006 *  All rights reserved
00007 *
00008 *  This script is part of the TYPO3 project. The TYPO3 project is
00009 *  free software; you can redistribute it and/or modify
00010 *  it under the terms of the GNU General Public License as published by
00011 *  the Free Software Foundation; either version 2 of the License, or
00012 *  (at your option) any later version.
00013 *
00014 *  The GNU General Public License can be found at
00015 *  http://www.gnu.org/copyleft/gpl.html.
00016 *  A copy is found in the textfile GPL.txt and important notices to the license
00017 *  from the author is found in LICENSE.txt distributed with these scripts.
00018 *
00019 *
00020 *  This script is distributed in the hope that it will be useful,
00021 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
00022 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00023 *  GNU General Public License for more details.
00024 *
00025 *  This copyright notice MUST APPEAR in all copies of the script!
00026 ***************************************************************/
00082         // Need this for parsing User TSconfig
00083 require_once (PATH_t3lib.'class.t3lib_tsparser.php');
00084 
00085 
00086 
00087 
00088 
00089 
00090 
00091 
00092 
00093 
00094 
00095 
00096 
00097 
00098 
00099 
00100 
00101 
00102 
00103 
00104 
00115 class t3lib_userAuthGroup extends t3lib_userAuth {
00116         var $usergroup_column = 'usergroup';            // Should be set to the usergroup-column (id-list) in the user-record
00117         var $usergroup_table = 'be_groups';                     // The name of the group-table
00118 
00119                 // internal
00120         var $groupData = Array(                         // This array holds lists of eg. tables, fields and other values related to the permission-system. See fetchGroupData
00121                 'filemounts' => Array()                 // Filemounts are loaded here
00122         );
00123 
00124         var $userGroups = Array();                      // This array will hold the groups that the user is a member of
00125         var $userGroupsUID = Array();           // This array holds the uid's of the groups in the listed order
00126         var $groupList ='';                                     // This is $this->userGroupsUID imploded to a comma list... Will correspond to the 'usergroup_cached_list'
00127         var $dataLists=array(                           // Used internally to accumulate data for the user-group. DONT USE THIS EXTERNALLY! Use $this->groupData instead
00128                 'webmount_list'=>'',
00129                 'filemount_list'=>'',
00130                 'modList'=>'',
00131                 'tables_select'=>'',
00132                 'tables_modify'=>'',
00133                 'pagetypes_select'=>'',
00134                 'non_exclude_fields'=>'',
00135                 'explicit_allowdeny'=>'',
00136                 'allowed_languages' => '',
00137                 'custom_options' => '',
00138         );
00139         var $includeHierarchy=array();          // For debugging/display of order in which subgroups are included.
00140         var $includeGroupArray=array();         // List of group_id's in the order they are processed.
00141 
00142         var $OS='';                                                     // Set to 'WIN', if windows
00143         var $TSdataArray=array();                       // Used to accumulate the TSconfig data of the user
00144         var $userTS_text = '';                          // Contains the non-parsed user TSconfig
00145         var $userTS = array();                          // Contains the parsed user TSconfig
00146         var $userTSUpdated=0;                           // Set internally if the user TSconfig was parsed and needs to be cached.
00147         var $userTS_dontGetCached=0;            // Set this from outside if you want the user TSconfig to ALWAYS be parsed and not fetched from cache.
00148 
00149         var $RTE_errors = array();                      // RTE availability errors collected.
00150         var $errorMsg = '';                                     // Contains last error message
00151 
00152 
00153 
00154 
00155 
00156 
00157 
00158 
00159 
00160 
00161 
00162 
00163 
00164         /************************************
00165          *
00166          * Permission checking functions:
00167          *
00168          ************************************/
00169 
00176         function isAdmin()      {
00177                 return (($this->user['admin']&1) ==1);
00178         }
00179 
00188         function isMemberOfGroup($groupId)      {
00189                 $groupId = intval($groupId);
00190                 if ($this->groupList && $groupId)       {
00191                         return $this->inList($this->groupList, $groupId);
00192                 }
00193         }
00194 
00210         function doesUserHaveAccess($row,$perms)        {
00211                 $userPerms = $this->calcPerms($row);
00212                 return ($userPerms & $perms)==$perms;
00213         }
00214 
00227         function isInWebMount($id,$readPerms='',$exitOnError=0) {
00228                 if (!$GLOBALS['TYPO3_CONF_VARS']['BE']['lockBeUserToDBmounts'] || $this->isAdmin())     return 1;
00229                 $id = intval($id);
00230                 if (!$readPerms)        $readPerms = $this->getPagePermsClause(1);
00231                 if ($id>0)      {
00232                         $wM = $this->returnWebmounts();
00233                         $rL = t3lib_BEfunc::BEgetRootLine($id,' AND '.$readPerms);
00234 
00235                         foreach($rL as $v)      {
00236                                 if ($v['uid'] && in_array($v['uid'],$wM))       {
00237                                         return $v['uid'];
00238                                 }
00239                         }
00240                 }
00241                 if ($exitOnError)       {
00242                         t3lib_BEfunc::typo3PrintError ('Access Error','This page is not within your DB-mounts',0);
00243                         exit;
00244                 }
00245         }
00246 
00254         function modAccess($conf,$exitOnError)  {
00255                 if (!t3lib_BEfunc::isModuleSetInTBE_MODULES($conf['name']))     {
00256                         if ($exitOnError)       {
00257                                 t3lib_BEfunc::typo3PrintError ('Fatal Error','This module "'.$conf['name'].'" is not enabled in TBE_MODULES',0);
00258                                 exit;
00259                         }
00260                         return false;
00261                 }
00262 
00263                         // Returns true if conf[access] is not set at all or if the user is admin
00264                 if (!$conf['access']  ||  $this->isAdmin()) return true;
00265 
00266                         // If $conf['access'] is set but not with 'admin' then we return true, if the module is found in the modList
00267                 if (!strstr($conf['access'],'admin') && $conf['name'])  {
00268                         $acs = $this->check('modules',$conf['name']);
00269                 }
00270                 if (!$acs && $exitOnError)      {
00271                         t3lib_BEfunc::typo3PrintError ('Access Error','You don\'t have access to this module.',0);
00272                         exit;
00273                 } else return $acs;
00274         }
00275 
00290         function getPagePermsClause($perms)     {
00291                 global $TYPO3_CONF_VARS;
00292                 if (is_array($this->user))      {
00293                         if ($this->isAdmin())   {
00294                                 return ' 1=1';
00295                         }
00296 
00297                         $perms = intval($perms);        // Make sure it's integer.
00298                         $str= ' ('.
00299                                 '(pages.perms_everybody & '.$perms.' = '.$perms.')'.    // Everybody
00300                                 'OR(pages.perms_userid = '.$this->user['uid'].' AND pages.perms_user & '.$perms.' = '.$perms.')';       // User
00301                         if ($this->groupList){$str.='OR(pages.perms_groupid in ('.$this->groupList.') AND pages.perms_group & '.$perms.' = '.$perms.')';}       // Group (if any is set)
00302                         $str.=')';
00303 
00304                         // ****************
00305                         // getPagePermsClause-HOOK
00306                         // ****************
00307                         if (is_array($TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['getPagePermsClause'])) {
00308 
00309                                 foreach($TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['getPagePermsClause'] as $_funcRef) {
00310                                         $_params = array('currentClause' => $str, 'perms' => $perms);
00311                                         $str = t3lib_div::callUserFunction($_funcRef, $_params, $this);
00312                                 }
00313                         }
00314 
00315                         return $str;
00316                 } else {
00317                         return ' 1=0';
00318                 }
00319         }
00320 
00329         function calcPerms($row)        {
00330                 global $TYPO3_CONF_VARS;
00331                 if ($this->isAdmin()) {return 31;}              // Return 31 for admin users.
00332 
00333                 $out=0;
00334                 if (isset($row['perms_userid']) && isset($row['perms_user']) && isset($row['perms_groupid']) && isset($row['perms_group']) && isset($row['perms_everybody']) && isset($this->groupList))        {
00335                         if ($this->user['uid']==$row['perms_userid'])   {
00336                                 $out|=$row['perms_user'];
00337                         }
00338                         if ($this->isMemberOfGroup($row['perms_groupid']))      {
00339                                 $out|=$row['perms_group'];
00340                         }
00341                         $out|=$row['perms_everybody'];
00342                 }
00343 
00344                 // ****************
00345                 // CALCPERMS hook
00346                 // ****************
00347                 if (is_array($TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['calcPerms'])) {
00348                         foreach($TYPO3_CONF_VARS['SC_OPTIONS']['t3lib/class.t3lib_userauthgroup.php']['calcPerms'] as $_funcRef) {
00349                                 $_params = array(
00350                                         'row' => $row,
00351                                         'outputPermissions' => $out
00352                                 );
00353                                 $out = t3lib_div::callUserFunction($_funcRef, $_params, $this);
00354                         }
00355                 }
00356 
00357                 return $out;
00358         }
00359 
00367         function isRTE()        {
00368                 global $CLIENT;
00369 
00370                         // Start:
00371                 $this->RTE_errors = array();
00372                 if (!$this->uc['edit_RTE'])
00373                         $this->RTE_errors[] = 'RTE is not enabled for user!';
00374                 if (!$GLOBALS['TYPO3_CONF_VARS']['BE']['RTEenabled'])
00375                         $this->RTE_errors[] = 'RTE is not enabled in $TYPO3_CONF_VARS["BE"]["RTEenabled"]';
00376 
00377 
00378                         // Acquire RTE object:
00379                 $RTE = &t3lib_BEfunc::RTEgetObj();
00380                 if (!is_object($RTE))   {
00381                         $this->RTE_errors = array_merge($this->RTE_errors, $RTE);
00382                 }
00383 
00384                 if (!count($this->RTE_errors))  {
00385                         return TRUE;
00386                 } else {
00387                         return FALSE;
00388                 }
00389         }
00390 
00401         function check($type,$value)    {
00402                 if (isset($this->groupData[$type]))     {
00403                         if ($this->isAdmin() || $this->inList($this->groupData[$type],$value)) {
00404                                 return 1;
00405                         }
00406                 }
00407         }
00408 
00418         function checkAuthMode($table,$field,$value,$authMode)  {
00419                 global $TCA;
00420 
00421                         // Admin users can do anything:
00422                 if ($this->isAdmin())   return TRUE;
00423 
00424                         // Allow all blank values:
00425                 if (!strcmp($value,'')) return TRUE;
00426 
00427                         // Certain characters are not allowed in the value
00428                 if (ereg('[:|,]',$value))       {
00429                         return FALSE;
00430                 }
00431 
00432                         // Initialize:
00433                 $testValue = $table.':'.$field.':'.$value;
00434                 $out = TRUE;
00435 
00436                         // Checking value:
00437                 switch((string)$authMode)       {
00438                         case 'explicitAllow':
00439                                 if (!$this->inList($this->groupData['explicit_allowdeny'],$testValue.':ALLOW')) {
00440                                         $out = FALSE;
00441                                 }
00442                         break;
00443                         case 'explicitDeny':
00444                                 if ($this->inList($this->groupData['explicit_allowdeny'],$testValue.':DENY'))   {
00445                                         $out = FALSE;
00446                                 }
00447                         break;
00448                         case 'individual':
00449                                 t3lib_div::loadTCA($table);
00450                                 if (is_array($TCA[$table]) && is_array($TCA[$table]['columns'][$field]))        {
00451                                         $items = $TCA[$table]['columns'][$field]['config']['items'];
00452                                         if (is_array($items))   {
00453                                                 foreach($items as $iCfg)        {
00454                                                         if (!strcmp($iCfg[1],$value) && $iCfg[4])       {
00455                                                                 switch((string)$iCfg[4])        {
00456                                                                         case 'EXPL_ALLOW':
00457                                                                                 if (!$this->inList($this->groupData['explicit_allowdeny'],$testValue.':ALLOW')) {
00458                                                                                         $out = FALSE;
00459                                                                                 }
00460                                                                         break;
00461                                                                         case 'EXPL_DENY':
00462                                                                                 if ($this->inList($this->groupData['explicit_allowdeny'],$testValue.':DENY'))   {
00463                                                                                         $out = FALSE;
00464                                                                                 }
00465                                                                         break;
00466                                                                 }
00467                                                                 break;
00468                                                         }
00469                                                 }
00470                                         }
00471                                 }
00472                         break;
00473                 }
00474 
00475                 return $out;
00476         }
00477 
00484         function checkLanguageAccess($langValue)        {
00485                 if (strcmp($this->groupData['allowed_languages'],''))   {       // The users language list must be non-blank - otherwise all languages are allowed.
00486                         $langValue = intval($langValue);
00487                         if ($langValue != -1 && !$this->check('allowed_languages',$langValue))  {       // Language must either be explicitly allowed OR the lang Value be "-1" (all languages)
00488                                 return FALSE;
00489                         }
00490                 }
00491                 return TRUE;
00492         }
00493 
00504         function recordEditAccessInternals($table,$idOrRow)     {
00505                 global $TCA;
00506 
00507                 if (isset($TCA[$table]))        {
00508                         t3lib_div::loadTCA($table);
00509 
00510                                 // Always return true for Admin users.
00511                         if ($this->isAdmin())   return TRUE;
00512 
00513                                 // Fetching the record if the $idOrRow variable was not an array on input:
00514                         if (!is_array($idOrRow))        {
00515                                 $idOrRow = t3lib_BEfunc::getRecord($table, $idOrRow);
00516                                 if (!is_array($idOrRow))        {
00517                                         $this->errorMsg = 'ERROR: Record could not be fetched.';
00518                                         return FALSE;
00519                                 }
00520                         }
00521 
00522                                 // Checking languages:
00523                         if ($TCA[$table]['ctrl']['languageField'])      {
00524                                 if (isset($idOrRow[$TCA[$table]['ctrl']['languageField']]))     {       // Language field must be found in input row - otherwise it does not make sense.
00525                                         if (!$this->checkLanguageAccess($idOrRow[$TCA[$table]['ctrl']['languageField']]))       {
00526                                                 $this->errorMsg = 'ERROR: Language was not allowed.';
00527                                                 return FALSE;
00528                                         }
00529                                 }
00530                         }
00531 
00532                                 // Checking authMode fields:
00533                         if (is_array($TCA[$table]['columns']))  {
00534                                 foreach($TCA[$table]['columns'] as $fN => $fV)  {
00535                                         if (isset($idOrRow[$fN]))       {       //
00536                                                 if ($fV['config']['type']=='select' && $fV['config']['authMode'] && !strcmp($fV['config']['authMode_enforce'],'strict')) {
00537                                                         if (!$this->checkAuthMode($table,$fN,$idOrRow[$fN],$fV['config']['authMode']))  {
00538                                                                 $this->errorMsg = 'ERROR: authMode "'.$fV['config']['authMode'].'" failed for field "'.$fN.'" with value "'.$idOrRow[$fN].'" evaluated';
00539                                                                 return FALSE;
00540                                                         }
00541                                                 }
00542                                         }
00543                                 }
00544                         }
00545 
00546                                 // Checking "editlock" feature
00547                         if ($TCA[$table]['ctrl']['editlock'] && $idOrRow[$TCA[$table]['ctrl']['editlock']])     {
00548                                 $this->errorMsg = 'ERROR: Record was locked for editing. Only admin users can change this state.';
00549                                 return FALSE;
00550                         }
00551 
00552                                 // Checking record permissions
00553                         // THIS is where we can include a check for "perms_" fields for other records than pages...
00554 
00555                                 // Finally, return true if all is well.
00556                         return TRUE;
00557                 }
00558         }
00559 
00569         function isPSet($lCP,$table,$type='')   {
00570                 if ($this->isAdmin())   return true;
00571                 if ($table=='pages')    {
00572                         if ($type=='edit')      return $lCP & 2;
00573                         if ($type=='new')       return ($lCP & 8) || ($lCP & 16);       // Create new page OR pagecontent
00574                         if ($type=='delete')    return $lCP & 4;
00575                         if ($type=='editcontent')       return $lCP & 16;
00576                 } else {
00577                         return $lCP & 16;
00578                 }
00579         }
00580 
00586         function mayMakeShortcut()      {
00587                 return $this->getTSConfigVal('options.shortcutFrame') && !$this->getTSConfigVal('options.mayNotCreateEditShortcuts');
00588         }
00589 
00590 
00591 
00592 
00593 
00594 
00595 
00596 
00597 
00598 
00599         /*************************************
00600          *
00601          * Miscellaneous functions
00602          *
00603          *************************************/
00604 
00614         function getTSConfig($objectString,$config='')  {
00615                 if (!is_array($config)) {
00616                         $config=$this->userTS;  // Getting Root-ts if not sent
00617                 }
00618                 $TSConf=array();
00619                 $parts = explode('.',$objectString,2);
00620                 $key = $parts[0];
00621                 if (trim($key)) {
00622                         if (count($parts)>1 && trim($parts[1])) {
00623                                 // Go on, get the next level
00624                                 if (is_array($config[$key.'.']))        $TSConf = $this->getTSConfig($parts[1],$config[$key.'.']);
00625                         } else {
00626                                 $TSConf['value']=$config[$key];
00627                                 $TSConf['properties']=$config[$key.'.'];
00628                         }
00629                 }
00630                 return $TSConf;
00631         }
00632 
00640         function getTSConfigVal($objectString)  {
00641                 $TSConf = $this->getTSConfig($objectString);
00642                 return $TSConf['value'];
00643         }
00644 
00652         function getTSConfigProp($objectString) {
00653                 $TSConf = $this->getTSConfig($objectString);
00654                 return $TSConf['properties'];
00655         }
00656 
00664         function inList($in_list,$item) {
00665                 return strstr(','.$in_list.',', ','.$item.',');
00666         }
00667 
00675         function returnWebmounts()      {
00676                 return (string)($this->groupData['webmounts'])!='' ? explode(',',$this->groupData['webmounts']) : Array();
00677         }
00678 
00685         function returnFilemounts()     {
00686                 return $this->groupData['filemounts'];
00687         }
00688 
00689 
00690 
00691 
00692 
00693 
00694 
00695 
00696 
00697 
00698 
00699 
00700         /*************************************
00701          *
00702          * Authentication methods
00703          *
00704          *************************************/
00705 
00706 
00715         function fetchGroupData()       {
00716                 if ($this->user['uid']) {
00717 
00718                                 // Get lists for the be_user record and set them as default/primary values.
00719                         $this->dataLists['modList'] = $this->user['userMods'];                                  // Enabled Backend Modules
00720                         $this->dataLists['allowed_languages'] = $this->user['allowed_languages'];                                       // Add Allowed Languages
00721                         $this->dataLists['webmount_list'] = $this->user['db_mountpoints'];              // Database mountpoints
00722                         $this->dataLists['filemount_list'] = $this->user['file_mountpoints'];   // File mountpoints
00723 
00724                                 // Setting default User TSconfig:
00725                         $this->TSdataArray[]=$this->addTScomment('From $GLOBALS["TYPO3_CONF_VARS"]["BE"]["defaultUserTSconfig"]:').
00726                                                                         $GLOBALS['TYPO3_CONF_VARS']['BE']['defaultUserTSconfig'];
00727 
00728                                 // Default TSconfig for admin-users
00729                         if ($this->isAdmin())   {
00730                                 $this->TSdataArray[]=$this->addTScomment('"admin" user presets:').'
00731                                         admPanel.enable.all = 1
00732                                         options.shortcutFrame = 1
00733                                 ';
00734                                 if (t3lib_extMgm::isLoaded('sys_note')) {
00735                                         $this->TSdataArray[]='
00736                                                 // Setting defaults for sys_note author / email...
00737                                                 TCAdefaults.sys_note.author = '.$this->user['realName'].'
00738                                                 TCAdefaults.sys_note.email = '.$this->user['email'].'
00739                                         ';
00740                                 }
00741                         }
00742 
00743                                 // FILE MOUNTS:
00744                                 // Admin users has the base fileadmin dir mounted
00745                         if ($this->isAdmin() && $GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'])      {
00746                                 $this->addFileMount($GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'], '', PATH_site.$GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'], 0, '');
00747                         }
00748 
00749                                 // If userHomePath is set, we attempt to mount it
00750                         if ($GLOBALS['TYPO3_CONF_VARS']['BE']['userHomePath'])  {
00751                                         // First try and mount with [uid]_[username]
00752                                 $didMount=$this->addFileMount($this->user['username'], '',$GLOBALS['TYPO3_CONF_VARS']['BE']['userHomePath'].$this->user['uid'].'_'.$this->user['username'].$GLOBALS['TYPO3_CONF_VARS']['BE']['userUploadDir'], 0, 'user');
00753                                 if (!$didMount) {
00754                                                 // If that failed, try and mount with only [uid]
00755                                         $this->addFileMount($this->user['username'], '', $GLOBALS['TYPO3_CONF_VARS']['BE']['userHomePath'].$this->user['uid'].$GLOBALS['TYPO3_CONF_VARS']['BE']['userUploadDir'], 0, 'user');
00756                                 }
00757                         }
00758 
00759                                 // BE_GROUPS:
00760                                 // Get the groups...
00761 #                       $grList = t3lib_BEfunc::getSQLselectableList($this->user[$this->usergroup_column],$this->usergroup_table,$this->usergroup_table);
00762                         $grList = $GLOBALS['TYPO3_DB']->cleanIntList($this->user[$this->usergroup_column]);     // 240203: Since the group-field never contains any references to groups with a prepended table name we think it's safe to just intExplode and re-implode - which should be much faster than the other function call.
00763                         if ($grList)    {
00764                                         // Fetch groups will add a lot of information to the internal arrays: modules, accesslists, TSconfig etc. Refer to fetchGroups() function.
00765                                 $this->fetchGroups($grList);
00766                         }
00767 
00768                                 // Add the TSconfig for this specific user:
00769                         $this->TSdataArray[] = $this->addTScomment('USER TSconfig field').$this->user['TSconfig'];
00770                                 // Check include lines.
00771                         $this->TSdataArray = t3lib_TSparser::checkIncludeLines_array($this->TSdataArray);
00772 
00773                                 // Parsing the user TSconfig (or getting from cache)
00774                         $this->userTS_text = implode(chr(10).'[GLOBAL]'.chr(10),$this->TSdataArray);    // Imploding with "[global]" will make sure that non-ended confinements with braces are ignored.
00775                         $hash = md5('userTS:'.$this->userTS_text);
00776                         $cachedContent = t3lib_BEfunc::getHash($hash,0);
00777                         if (isset($cachedContent) && !$this->userTS_dontGetCached)      {
00778                                 $this->userTS = unserialize($cachedContent);
00779                         } else {
00780                                 $parseObj = t3lib_div::makeInstance('t3lib_TSparser');
00781                                 $parseObj->parse($this->userTS_text);
00782                                 $this->userTS = $parseObj->setup;
00783                                 t3lib_BEfunc::storeHash($hash,serialize($this->userTS),'BE_USER_TSconfig');
00784                                         // Update UC:
00785                                 $this->userTSUpdated=1;
00786                         }
00787 
00788                                 // Processing webmounts
00789                         if ($this->isAdmin() && !$this->getTSConfigVal('options.dontMountAdminMounts')) {       // Admin's always have the root mounted
00790                                 $this->dataLists['webmount_list']='0,'.$this->dataLists['webmount_list'];
00791                         }
00792 
00793                                 // Processing filemounts
00794                         $this->dataLists['filemount_list'] = t3lib_div::uniqueList($this->dataLists['filemount_list']);
00795                         if ($this->dataLists['filemount_list']) {
00796                                 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', 'sys_filemounts', 'deleted=0 AND hidden=0 AND pid=0 AND uid IN ('.$this->dataLists['filemount_list'].')');
00797                                 while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res))      {
00798                                         $this->addFileMount($row['title'], $row['path'], $row['path'], $row['base']?1:0, '');
00799                                 }
00800                         }
00801 
00802                                 // The lists are cleaned for duplicates
00803                         $this->groupData['webmounts'] = t3lib_div::uniqueList($this->dataLists['webmount_list']);
00804                         $this->groupData['pagetypes_select'] = t3lib_div::uniqueList($this->dataLists['pagetypes_select']);
00805                         $this->groupData['tables_select'] = t3lib_div::uniqueList($this->dataLists['tables_modify'].','.$this->dataLists['tables_select']);
00806                         $this->groupData['tables_modify'] = t3lib_div::uniqueList($this->dataLists['tables_modify']);
00807                         $this->groupData['non_exclude_fields'] = t3lib_div::uniqueList($this->dataLists['non_exclude_fields']);
00808                         $this->groupData['explicit_allowdeny'] = t3lib_div::uniqueList($this->dataLists['explicit_allowdeny']);
00809                         $this->groupData['allowed_languages'] = t3lib_div::uniqueList($this->dataLists['allowed_languages']);
00810                         $this->groupData['custom_options'] = t3lib_div::uniqueList($this->dataLists['custom_options']);
00811                         $this->groupData['modules'] = t3lib_div::uniqueList($this->dataLists['modList']);
00812 
00813                                 // populating the $this->userGroupsUID -array with the groups in the order in which they were LAST included.!!
00814                         $this->userGroupsUID = array_reverse(array_unique(array_reverse($this->includeGroupArray)));
00815 
00816                                 // Finally this is the list of group_uid's in the order they are parsed (including subgroups!) and without duplicates (duplicates are presented with their last entrance in the list, which thus reflects the order of the TypoScript in TSconfig)
00817                         $this->groupList = implode(',',$this->userGroupsUID);
00818                         $this->setCachedList($this->groupList);
00819                 }
00820         }
00821 
00831         function fetchGroups($grList,$idList='')        {
00832 
00833                         // Fetching records of the groups in $grList (which are not blocked by lockedToDomain either):
00834                 $lockToDomain_SQL = ' AND (lockToDomain=\'\' OR lockToDomain=\''.t3lib_div::getIndpEnv('HTTP_HOST').'\')';
00835                 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', $this->usergroup_table, 'deleted=0 AND hidden=0 AND pid=0 AND uid IN ('.$grList.')'.$lockToDomain_SQL);
00836 
00837                         // The userGroups array is filled
00838                 while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res))      {
00839                         $this->userGroups[$row['uid']] = $row;
00840                 }
00841 
00842                         // Traversing records in the correct order
00843                 $include_staticArr = t3lib_div::intExplode(',',$grList);
00844                 reset($include_staticArr);
00845                 while(list(,$uid)=each($include_staticArr))     {       // traversing list
00846 
00847                                 // Get row:
00848                         $row=$this->userGroups[$uid];
00849                         if (is_array($row) && !t3lib_div::inList($idList,$uid)) {       // Must be an array and $uid should not be in the idList, because then it is somewhere previously in the grouplist
00850 
00851                                         // Include sub groups
00852                                 if (trim($row['subgroup']))     {
00853                                         $theList = implode(',',t3lib_div::intExplode(',',$row['subgroup']));    // Make integer list
00854                                         $this->fetchGroups($theList, $idList.','.$uid);         // Call recursively, pass along list of already processed groups so they are not recursed again.
00855                                 }
00856                                         // Add the group uid, current list, TSconfig to the internal arrays.
00857                                 $this->includeGroupArray[]=$uid;
00858                                 $this->includeHierarchy[]=$idList;
00859                                 $this->TSdataArray[] = $this->addTScomment('Group "'.$row['title'].'" ['.$row['uid'].'] TSconfig field:').$row['TSconfig'];
00860 
00861                                         // Mount group database-mounts
00862                                 if (($this->user['options']&1) == 1)    {       $this->dataLists['webmount_list'].= ','.$row['db_mountpoints']; }
00863 
00864                                         // Mount group file-mounts
00865                                 if (($this->user['options']&2) == 2)    {       $this->dataLists['filemount_list'].= ','.$row['file_mountpoints'];      }
00866 
00867                                         // Mount group home-dirs
00868                                 if (($this->user['options']&2) == 2)    {
00869                                                 // If groupHomePath is set, we attempt to mount it
00870                                         if ($GLOBALS['TYPO3_CONF_VARS']['BE']['groupHomePath']) {
00871                                                 $this->addFileMount($row['title'], '', $GLOBALS['TYPO3_CONF_VARS']['BE']['groupHomePath'].$row['uid'], 0, 'group');
00872                                         }
00873                                 }
00874 
00875                                         // The lists are made: groupMods, tables_select, tables_modify, pagetypes_select, non_exclude_fields, explicit_allowdeny, allowed_languages, custom_options
00876                                 if ($row['inc_access_lists']==1)        {
00877                                         $this->dataLists['modList'].= ','.$row['groupMods'];
00878                                         $this->dataLists['tables_select'].= ','.$row['tables_select'];
00879                                         $this->dataLists['tables_modify'].= ','.$row['tables_modify'];
00880                                         $this->dataLists['pagetypes_select'].= ','.$row['pagetypes_select'];
00881                                         $this->dataLists['non_exclude_fields'].= ','.$row['non_exclude_fields'];
00882                                         $this->dataLists['explicit_allowdeny'].= ','.$row['explicit_allowdeny'];
00883                                         $this->dataLists['allowed_languages'].= ','.$row['allowed_languages'];
00884                                         $this->dataLists['custom_options'].= ','.$row['custom_options'];
00885                                 }
00886                                         // If this function is processing the users OWN group-list (not subgroups) AND if the ->firstMainGroup is not set, then the ->firstMainGroup will be set.
00887                                 if (!strcmp($idList,'') && !$this->firstMainGroup)      {
00888                                         $this->firstMainGroup=$uid;
00889                                 }
00890                         }
00891                 }
00892 
00893         }
00894 
00903         function setCachedList($cList)  {
00904                 if ((string)$cList != (string)$this->user['usergroup_cached_list'])     {
00905                         $GLOBALS['TYPO3_DB']->exec_UPDATEquery('be_users', 'uid='.intval($this->user['uid']), array('usergroup_cached_list' => $cList));
00906                 }
00907         }
00908 
00923         function addFileMount($title, $altTitle, $path, $webspace, $type)       {
00924                         // Return false if fileadminDir is not set and we try to mount a relative path
00925                 if ($webspace && !$GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'])    return false;
00926 
00927                         // Trimming and pre-processing
00928                 $path=trim($path);
00929                 if ($this->OS=='WIN')   {               // with WINDOWS convert backslash to slash!!
00930                         $path=str_replace('\\','/',$path);
00931                 }
00932                         // If the path is true and validates as a valid path string:
00933                 if ($path && t3lib_div::validPathStr($path))    {
00934                                 // these lines remove all slashes and dots before and after the path
00935                         $path=ereg_replace('^[\/\. ]*','',$path);
00936                         $path=trim(ereg_replace('[\/\. ]*$','',$path));
00937 
00938 
00939                         if ($path)      {       // there must be some chars in the path
00940                                 $fdir=PATH_site.$GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'];      // fileadmin dir, absolute
00941                                 if ($webspace)  {
00942                                         $path=$fdir.$path;      // PATH_site + fileadmin dir is prepended
00943                                 } else {
00944                                         if ($this->OS!='WIN')   {               // with WINDOWS no prepending!!
00945                                                 $path='/'.$path;        // root-level is the start...
00946                                         }
00947                                 }
00948                                 $path.='/';
00949 
00950                                         // We now have a path with slash after and slash before (if unix)
00951                                 if (@is_dir($path) &&
00952                                         (($GLOBALS['TYPO3_CONF_VARS']['BE']['lockRootPath'] && t3lib_div::isFirstPartOfStr($path,$GLOBALS['TYPO3_CONF_VARS']['BE']['lockRootPath'])) || t3lib_div::isFirstPartOfStr($path,$fdir)))      {
00953                                                         // Alternative title?
00954                                                 $name = $title ? $title : $altTitle;
00955                                                         // Adds the filemount. The same filemount with same name, type and path cannot be set up twice because of the hash string used as key.
00956                                                 $this->groupData['filemounts'][md5($name.'|'.$path.'|'.$type)] = Array('name'=>$name, 'path'=>$path, 'type'=>$type);
00957                                                         // Return true - went well, success!
00958                                                 return 1;
00959                                 }
00960                         }
00961                 }
00962         }
00963 
00970         function addTScomment($str)     {
00971                 $delimiter = '# ***********************************************';
00972 
00973                 $out = $delimiter.chr(10);
00974                 $lines = t3lib_div::trimExplode(chr(10),$str);
00975                 foreach($lines as $v)   {
00976                         $out.= '# '.$v.chr(10);
00977                 }
00978                 $out.= $delimiter.chr(10);
00979                 return $out;
00980         }
00981 
00982 
00983 
00984 
00985 
00986 
00987 
00988 
00989 
00990 
00991 
00992 
00993         /************************************
00994          *
00995          * Logging
00996          *
00997          ************************************/
00998 
00999 
01017         function writelog($type,$action,$error,$details_nr,$details,$data,$tablename='',$recuid='',$recpid='',$event_pid=-1,$NEWid='') {
01018 
01019                 $fields_values = Array (
01020                         'userid' => intval($this->user['uid']),
01021                         'type' => intval($type),
01022                         'action' => intval($action),
01023                         'error' => intval($error),
01024                         'details_nr' => intval($details_nr),
01025                         'details' => $details,
01026                         'log_data' => serialize($data),
01027                         'tablename' => $tablename,
01028                         'recuid' => intval($recuid),
01029                         'recpid' => intval($recpid),
01030                         'IP' => t3lib_div::getIndpEnv('REMOTE_ADDR'),
01031                         'tstamp' => $GLOBALS['EXEC_TIME'],
01032                         'event_pid' => intval($event_pid),
01033                         'NEWid' => $NEWid
01034                 );
01035 
01036                 $GLOBALS['TYPO3_DB']->exec_INSERTquery('sys_log', $fields_values);
01037                 return $GLOBALS['TYPO3_DB']->sql_insert_id();
01038         }
01039 
01050         function checkLogFailures($email, $secondsBack=3600, $max=3)    {
01051 
01052                 if ($email)     {
01053 
01054                                 // get last flag set in the log for sending
01055                         $theTimeBack = time()-$secondsBack;
01056                         $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
01057                                                         'tstamp',
01058                                                         'sys_log',
01059                                                         'type=255 AND action=4 AND tstamp>'.intval($theTimeBack),
01060                                                         '',
01061                                                         'tstamp DESC',
01062                                                         '1'
01063                                                 );
01064                         if ($testRow = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res))     {
01065                                 $theTimeBack = $testRow['tstamp'];
01066                         }
01067 
01068                                 // Check for more than $max number of error failures with the last period.
01069                         $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
01070                                                         '*',
01071                                                         'sys_log',
01072                                                         'type=255 AND action=3 AND error!=0 AND tstamp>'.intval($theTimeBack),
01073                                                         '',
01074                                                         'tstamp'
01075                                                 );
01076                         if ($GLOBALS['TYPO3_DB']->sql_num_rows($res) > $max)    {
01077                                         // OK, so there were more than the max allowed number of login failures - so we will send an email then.
01078                                 $subject = 'TYPO3 Login Failure Warning (at '.$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'].')';
01079                                 $email_body = '
01080 There has been numerous attempts ('.$GLOBALS['TYPO3_DB']->sql_num_rows($res).') to login at the TYPO3
01081 site "'.$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'].'" ('.t3lib_div::getIndpEnv('HTTP_HOST').').
01082 
01083 This is a dump of the failures:
01084 
01085 ';
01086                                 while($testRows = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res))  {
01087                                         $theData = unserialize($testRows['log_data']);
01088                                         $email_body.=date($GLOBALS['TYPO3_CONF_VARS']['SYS']['ddmmyy'].' H:i',$testRows['tstamp']).':  '.@sprintf($testRows['details'],''.$theData[0],''.$theData[1],''.$theData[2]);
01089                                         $email_body.=chr(10);
01090                                 }
01091                                 mail(   $email,
01092                                                 $subject,
01093                                                 $email_body,
01094                                                 'From: TYPO3 Login WARNING<>'
01095                                 );
01096                                 $this->writelog(255,4,0,3,'Failure warning (%s failures within %s seconds) sent by email to %s',Array($GLOBALS['TYPO3_DB']->sql_num_rows($res),$secondsBack,$email));   // Logout written to log
01097                         }
01098                 }
01099         }
01100 }
01101 
01102 
01103 
01104 if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_userauthgroup.php'])     {
01105         include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_userauthgroup.php']);
01106 }
01107 ?>


Généré par Les experts TYPO3 avec  doxygen 1.4.6