
class.t3lib_beuserauth.php

00001 <?php
00002 /***************************************************************
00003 *  Copyright notice
00004 *
00005 *  (c) 1999-2006 Kasper Skaarhoj (kasperYYYY@typo3.com)
00006 *  All rights reserved
00007 *
00008 *  This script is part of the TYPO3 project. The TYPO3 project is
00009 *  free software; you can redistribute it and/or modify
00010 *  it under the terms of the GNU General Public License as published by
00011 *  the Free Software Foundation; either version 2 of the License, or
00012 *  (at your option) any later version.
00013 *
00014 *  The GNU General Public License can be found at
00015 *  http://www.gnu.org/copyleft/gpl.html.
00016 *  A copy is found in the textfile GPL.txt and important notices to the license
00017 *  from the author is found in LICENSE.txt distributed with these scripts.
00018 *
00019 *
00020 *  This script is distributed in the hope that it will be useful,
00021 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
00022 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00023 *  GNU General Public License for more details.
00024 *
00025 *  This copyright notice MUST APPEAR in all copies of the script!
00026 ***************************************************************/
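/**
 * Backend user authentication class.
 *
 * Extends t3lib_userAuthGroup with the settings for backend logins (session
 * table, cookie name, user table columns, login form field names) and adds
 * the checks that run on every backend request: IP lock, admin-only
 * maintenance mode, user configuration ("uc") loading and login notification
 * mails.
 *
 * Security-relevant points in this class:
 *  - backendCheckLogin() is the gate that terminates the request when no user
 *    is logged in, the IP lock fails or the installation is admin-only.
 *  - backendSetUC() unserializes the "uc" column of the user record.
 *  - emailAtLogin() builds mail headers from request- and record-derived values.
 *  - veriCode() derives a short code from the session id and the encryption key.
 */
class t3lib_beUserAuth extends t3lib_userAuthGroup {
    var $session_table = 'be_sessions';     // Table to use for session data.
    var $name = 'be_typo_user';             // Session/Cookie name

    var $user_table = 'be_users';           // Table in database with userdata
    var $username_column = 'username';      // Column for login-name
    var $userident_column = 'password';     // Column for password
    var $userid_column = 'uid';             // Column for user-id
    var $lastLogin_column = 'lastlogin';    // Column name; presumably holds the last login time (not read in this class)
    var $notifyHeader = 'From: TYPO3 Login notify <no_reply@no_reply.no_reply>';    // Additional header passed to mail() in emailAtLogin()

    var $enablecolumns = Array (
        'rootLevel' => 1,
        'deleted' => 'deleted',
        'disabled' => 'disable',
        'starttime' => 'starttime',
        'endtime' => 'endtime'
    );

    var $formfield_uname = 'username';          // formfield with login-name
    var $formfield_uident = 'userident';        // formfield with password
    var $formfield_chalvalue = 'challenge';     // formfield with a unique value which is used to encrypt the password and username
    var $formfield_status = 'login_status';     // formfield with status: *'login', 'logout'
    var $security_level = 'superchallenged';    // sets the level of security. *'normal' = clear-text. 'challenged' = hashed password/username from form in $formfield_uident. 'superchallenged' = hashed password hashed again with username.

    var $writeStdLog = 1;                   // Decides if the writelog() function is called at login and logout
    var $writeAttemptLog = 1;               // Decides if the writelog() function is called when a login attempt has been made without success

    var $auth_include = '';                 // this is the name of the include-file containing the login form. If not set, login CAN be anonymous. If set login IS needed.

    var $auth_timeout_field = 6000;         // if > 0 : session-timeout in seconds. if false/<0 : no timeout. if string: The string is fieldname from the usertable where the timeout can be found.
    var $lifetime = 0;                      // 0 = Session-cookies. If session-cookies, the browser will stop session when the browser is closed. Else it keeps the session for $lifetime seconds.
    var $challengeStoredInCookie = TRUE;    // Not read in this class; presumably evaluated by the parent authentication class (confirm there).


        // User Config:
    var $uc;

        // User Config Default values:
        // The array may contain other fields for configuration. For this, see "setup" extension and "TSConfig" document (User TSconfig, "setup.[xxx]....")
        /*
            Reserved keys for other storage of session data:
            moduleData
            moduleSessionID
        */
    var $uc_default = Array (
        'interfaceSetup' => '',     // serialized content that is used to store interface pane and menu positions. Set by the logout.php-script
        'moduleData' => Array(),    // user-data for the modules
        'thumbnailsByDefault' => 0,
        'emailMeAtLogin' => 0,
        'condensedMode' => 0,
        'noMenuMode' => 0,
        'startInTaskCenter' => 0,
        'hideSubmoduleIcons' => 0,
        'helpText' => 1,
        'titleLen' => 30,
        'edit_wideDocument' => '0',
        'edit_showFieldHelp' => 'icon',
        'edit_RTE' => '1',
        'edit_docModuleUpload' => '1',
        'disableCMlayers' => 0,
        'navFrameWidth' => '',      // Default is 245 pixels
        'navFrameResizable' => 0,
    );


    /**
     * Records the current request of the backend user in "sys_trackbeuser".
     * Only does something when $flag is set and the extension "beuser_tracking" is loaded.
     *
     * @param   boolean     Activate insertion of the tracking record
     * @return  void
     */
    function trackBeUser($flag) {
        if ($flag && t3lib_extMgm::isLoaded('beuser_tracking')) {
            $insertFields = array(
                'userid' => intval($this->user['uid']),
                'tstamp' => time(),
                    // REQUEST_URI is client-controlled; it is handed to exec_INSERTquery() as a field value.
                    // NOTE(review): value quoting is expected to happen inside exec_INSERTquery() - confirm in the DB class.
                'script' => t3lib_div::getIndpEnv('REQUEST_URI')
            );

            $GLOBALS['TYPO3_DB']->exec_INSERTquery('sys_trackbeuser', $insertFields);
        }
    }

    /**
     * Checks the client address against the user TSconfig value "options.lockToIP".
     * The check is only performed when $TYPO3_CONF_VARS['BE']['enabledBeUserIPLock'] is set
     * and the TSconfig value is non-empty; in every other case the result is 1 (allowed).
     *
     * NOTE(review): the comparison uses getIndpEnv('REMOTE_ADDR'). Behind a reverse proxy the
     * address seen here depends on how getIndpEnv() resolves it - verify for proxied setups.
     *
     * @return  boolean     True (or 1) when the client address is accepted, otherwise the false result of t3lib_div::cmpIP()
     */
    function checkLockToIP()    {
        global $TYPO3_CONF_VARS;
        $out = 1;
        if ($TYPO3_CONF_VARS['BE']['enabledBeUserIPLock'])  {
            $IPList = $this->getTSConfigVal('options.lockToIP');
            if (trim($IPList))  {
                $baseIP = t3lib_div::getIndpEnv('REMOTE_ADDR');
                $out = t3lib_div::cmpIP($baseIP, $IPList);
            }
        }
        return $out;
    }

    /**
     * Gate for backend scripts: verifies that a backend user is logged in and allowed to proceed.
     *
     * Without a logged-in user the script prints an error and exits, unless the constant
     * TYPO3_PROCEED_IF_NO_USER is defined and true. With a user, group data is fetched, then the
     * IP lock and the admin-only setting ($TYPO3_CONF_VARS['BE']['adminOnly']) are enforced; a
     * failure of either prints an error and exits. On success the user configuration is loaded
     * and the login notification is sent.
     *
     * @return  void
     */
    function backendCheckLogin()    {
        if (!$this->user['uid'])    {
            if (!defined('TYPO3_PROCEED_IF_NO_USER') || !TYPO3_PROCEED_IF_NO_USER)  {
                    // The closing parenthesis of locationHeaderUrl() used to sit at the very end of the statement, so the
                    // HTML tail and the trailing 0 were passed to locationHeaderUrl() and typo3PrintError() received two
                    // arguments only. The URL is now resolved on its own and the 0 goes to typo3PrintError(), as in the
                    // two other calls below.
                $loginUrl = t3lib_div::locationHeaderUrl(t3lib_div::getIndpEnv('TYPO3_SITE_URL').TYPO3_mainDir.'index.php');
                    // The URL is built from request environment values and ends up inside an HTML attribute: escape it.
                t3lib_BEfunc::typo3PrintError (
                    'Login-error or session timed-out',
                    'No user logged in! Sorry, I can\'t proceed then!<br /><br />(You must have cookies enabled!)<br /><br />If your session has just timed-out, you may<br /><a href="'.htmlspecialchars($loginUrl).'" target="_top">click here to re-login</a>.',
                    0
                );
                exit;
            }
        } else {    // ...and if that's the case, call these functions
            $this->fetchGroupData();    //  The groups are fetched and ready for permission checking in this initialization.    Tables.php must be read before this because stuff like the modules has impact in this
            if ($this->checkLockToIP()) {
                if (!$GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'] || $this->isAdmin())    {
                    $this->backendSetUC();      // Setting the UC array. It's needed with fetchGroupData first, due to default/overriding of values.
                    $this->emailAtLogin();      // email at login - if option set.
                } else {
                    t3lib_BEfunc::typo3PrintError ('Login-error','TYPO3 is in maintenance mode at the moment. Only administrators are allowed access.',0);
                    exit;
                }
            } else {
                t3lib_BEfunc::typo3PrintError ('Login-error','IP locking prevented you from being authorized. Can\'t proceed, sorry.',0);
                exit;
            }
        }
    }

    /**
     * If the constant TYPO3_cliMode is defined and true, loads the backend user whose name is the
     * lowercased module name from $GLOBALS['MCONF']['name'].
     *
     * The script dies with an error message when a user is already loaded, when the module name
     * does not start with "_CLI_", when no such backend user is found, or when that user is an
     * admin (CLI users must be non-admin, which limits what a CLI script can do).
     *
     * @return  boolean     TRUE when a non-admin CLI user was loaded. Nothing (NULL) is returned when CLI mode is not active.
     */
    function checkCLIuser() {
            // First, check if cliMode is enabled:
        if (defined('TYPO3_cliMode') && TYPO3_cliMode)  {
            if (!$this->user['uid'])    {
                if (substr($GLOBALS['MCONF']['name'],0,5)=='_CLI_') {
                    $userName = strtolower($GLOBALS['MCONF']['name']);
                    $this->setBeUserByName($userName);
                    if ($this->user['uid']) {
                        if (!$this->isAdmin())  {
                            return TRUE;
                        } else die('ERROR: CLI backend user "'.$userName.'" was ADMIN which is not allowed!'.chr(10).chr(10));
                    } else die('ERROR: No backend user named "'.$userName.'" was found! [Database: '.TYPO3_db.']'.chr(10).chr(10));
                } else die('ERROR: Module name, "'.$GLOBALS['MCONF']['name'].'", was not prefixed with "_CLI_"'.chr(10).chr(10));
            } else die('ERROR: Another user was already loaded which is impossible in CLI mode!'.chr(10).chr(10));
        }
    }

    /**
     * Initializes $this->uc, the user configuration array.
     *
     * The saved configuration from the user record is unpacked if it is an array. If $this->uc is
     * still not an array afterwards, it is built from $this->uc_default, $TYPO3_CONF_VARS['BE']['defaultUC']
     * and the TSconfig property "setup.default", followed by the overrides. The result is written
     * back with writeUC() whenever something was changed here.
     *
     * @return  void
     */
    function backendSetUC() {
        global $TYPO3_CONF_VARS;

            // Update flag. Initialized explicitly: it was previously read without ever being set when nothing changed.
        $U = 0;

            // UC - user configuration is a serialized array inside the userobject
            // SECURITY NOTE(review): unserialize() runs on the stored "uc" column. Any path that lets a less
            // trusted party write that column (direct DB access, an import, a faulty form handler) turns this
            // into deserialization of untrusted data, which can instantiate objects of loaded classes. Treat
            // the column as sensitive; a restricted decoder is preferable where the PHP version offers one.
        $temp_theSavedUC=unserialize($this->user['uc']);        // if there is a saved uc we implement that instead of the default one.
        if (is_array($temp_theSavedUC)) {
            $this->unpack_uc($temp_theSavedUC);
        }
            // Setting defaults if uc is empty
        if (!is_array($this->uc))   {
            $this->uc = array_merge($this->uc_default, (array)$TYPO3_CONF_VARS['BE']['defaultUC'], (array)$this->getTSConfigProp('setup.default')); // Candidate for t3lib_div::array_merge() if integer-keys will some day make trouble...
            $this->overrideUC();
            $U=1;
        }
            // If TSconfig is updated, update the defaultUC.
        if ($this->userTSUpdated)   {
            $this->overrideUC();
            $U=1;
        }
            // Setting default lang from be_user record.
        if (!isset($this->uc['lang']))  {
            $this->uc['lang']=$this->user['lang'];
            $U=1;
        }

            // Saving if updated.
        if ($U) {
            $this->writeUC();   // Method from the t3lib_userauth class.
        }
    }

    /**
     * Merges the TSconfig property "setup.override" over the current $this->uc.
     * Values from "setup.override" win over values the user has stored.
     *
     * @return  void
     */
    function overrideUC()   {
        $this->uc = array_merge((array)$this->uc, (array)$this->getTSConfigProp('setup.override')); // Candidate for t3lib_div::array_merge() if integer-keys will some day make trouble...
    }

    /**
     * Clears the stored and the in-memory user configuration and rebuilds it through backendSetUC().
     *
     * @return  void
     */
    function resetUC()  {
        $this->user['uc']='';
        $this->uc='';
        $this->backendSetUC();
    }

    /**
     * Sends login notification mails when a login session has just been started.
     *
     * A warning mail goes to $TYPO3_CONF_VARS['BE']['warning_email_addr'] depending on the bits of
     * $TYPO3_CONF_VARS['BE']['warning_mode'] (bit 1: all logins, bit 2: admin logins only). A second
     * mail goes to the user's own address when the "emailMeAtLogin" user setting is enabled.
     *
     * @return  void
     */
    function emailAtLogin() {
        if ($this->loginSessionStarted) {
                // Send notify-mail
            $subject = 'At "'.$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'].'"'.
                        ' from '.t3lib_div::getIndpEnv('REMOTE_ADDR').
                        (t3lib_div::getIndpEnv('REMOTE_HOST') ? ' ('.t3lib_div::getIndpEnv('REMOTE_HOST').')' : '');
                // The subject is a mail header assembled from environment values: remove line breaks so that
                // nothing in it can start an additional header line.
            $subject = str_replace(array(chr(13), chr(10)), '', $subject);
            $msg = sprintf ('User "%s" logged in from %s (%s) at "%s" (%s)',
                $this->user['username'],
                t3lib_div::getIndpEnv('REMOTE_ADDR'),
                t3lib_div::getIndpEnv('REMOTE_HOST'),
                $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'],
                t3lib_div::getIndpEnv('HTTP_HOST')
            );

                // Warning email address
            if ($GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr'])    {
                $warn=0;
                $prefix='';
                $warningMode = intval($GLOBALS['TYPO3_CONF_VARS']['BE']['warning_mode']);
                if ($warningMode & 1)   {   // first bit: All logins
                    $warn=1;
                    $prefix= $this->isAdmin() ? '[AdminLoginWarning]' : '[LoginWarning]';
                }
                if ($this->isAdmin() && ($warningMode & 2)) {   // second bit: Only admin-logins
                    $warn=1;
                    $prefix='[AdminLoginWarning]';
                }
                if ($warn)  {
                    mail($GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr'],
                        $prefix.' '.$subject,
                        $msg,
                        $this->notifyHeader
                    );
                }
            }

                // If an email should be sent to the current user, do that.
                // The address comes from the user record and becomes the "To" header: an address that
                // contains a line break is not a valid recipient and is skipped instead of being passed on.
            $userEmail = $this->user['email'];
            if ($this->uc['emailMeAtLogin'] && strstr($userEmail,'@') && !preg_match('/[\r\n]/', $userEmail))   {
                mail($userEmail,
                    $subject,
                    $msg,
                    $this->notifyHeader
                );
            }
        }
    }

    /**
     * Returns a 10-character code derived from $this->id and the installation's encryption key.
     *
     * SECURITY NOTE(review): the value is the first 10 hex characters (40 bits) of
     * md5(id . encryptionKey). That is a plain hash over a concatenation, not a keyed MAC, and the
     * truncation leaves little margin. The output format is kept because callers outside this file
     * compare against it; it should not be relied on as a strong secret, and comparisons of the
     * code should not leak timing.
     *
     * @return  string      10-character code
     */
    function veriCode() {
        return substr(md5($this->id.$GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']),0,10);
    }
}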
00357 
00358 
00359 
00360 
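// XCLASS hook: when the configuration registers an extension class file for this script, include it.
// The included path is taken verbatim from $TYPO3_CONF_VARS, so whatever can write that configuration
// entry decides which PHP file is executed here; the entry must only ever be set by trusted
// installation or extension configuration.
// !empty() keeps the original truthiness test but no longer reads an array index that is not set.
if (defined('TYPO3_MODE') && !empty($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_beuserauth.php'])) {
    include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_beuserauth.php']);
}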
00364 ?>