"TYPO3 4.0.1: typo3_src-4.0.1/typo3/sysext/sv/class.tx_sv_auth.php Source File", "datetime" => "Sat Dec 2 19:22:34 2006", "date" => "2 Dec 2006", "doxygenversion" => "1.4.6", "projectname" => "TYPO3 4.0.1", "projectnumber" => "4.0.1" ); get_header($doxygen_vars); ?>
00001 <?php 00002 /*************************************************************** 00003 * Copyright notice 00004 * 00005 * (c) 2004-2005 René Fritz <r.fritz@colorcube.de> 00006 * All rights reserved 00007 * 00008 * This script is part of the TYPO3 project. The TYPO3 project is 00009 * free software; you can redistribute it and/or modify 00010 * it under the terms of the GNU General Public License as published by 00011 * the Free Software Foundation; either version 2 of the License, or 00012 * (at your option) any later version. 00013 * 00014 * The GNU General Public License can be found at 00015 * http://www.gnu.org/copyleft/gpl.html. 00016 * A copy is found in the textfile GPL.txt and important notices to the license 00017 * from the author is found in LICENSE.txt distributed with these scripts. 00018 * 00019 * 00020 * This script is distributed in the hope that it will be useful, 00021 * but WITHOUT ANY WARRANTY; without even the implied warranty of 00022 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 00023 * GNU General Public License for more details. 00024 * 00025 * This copyright notice MUST APPEAR in all copies of the script! 00026 ***************************************************************/ 00056 class tx_sv_auth extends tx_sv_authbase { 00057 00058 00064 function getUser() { 00065 $user = false; 00066 00067 if ($this->login['status']=='login' AND $this->login['uident']) { 00068 00069 $user = $this->fetchUserRecord($this->login['uname']); 00070 00071 if(!is_array($user)) { 00072 // Failed login attempt (no username found) 00073 $this->writelog(255,3,3,2, 00074 "Login-attempt from %s (%s), username '%s' not found!!", 00075 Array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname'])); // Logout written to log 00076 } else { 00077 if ($this->writeDevLog) t3lib_div::devLog('User found: '.t3lib_div::arrayToLogString($user, array($this->db_user['userid_column'],$this->db_user['username_column'])), 'tx_sv_auth'); 00078 } 00079 } 00080 return $user; 00081 } 00082 00089 function authUser($user) { 00090 $OK = 100; 00091 00092 if ($this->login['uident'] && $this->login['uname']) { 00093 00094 // Checking password match for user: 00095 $OK = $this->compareUident($user, $this->login); 00096 00097 if(!$OK) { 00098 // Failed login attempt (wrong password) - write that to the log! 00099 if ($this->writeAttemptLog) { 00100 $this->writelog(255,3,3,1, 00101 "Login-attempt from %s (%s), username '%s', password not accepted!", 00102 Array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname'])); 00103 } 00104 if ($this->writeDevLog) t3lib_div::devLog('Password not accepted: '.$this->login['uident'], 'tx_sv_auth', 2); 00105 } 00106 00107 // Checking the domain (lockToDomain) 00108 if ($OK && $user['lockToDomain'] && $user['lockToDomain']!=$this->authInfo['HTTP_HOST']) { 00109 // Lock domain didn't match, so error: 00110 if ($this->writeAttemptLog) { 00111 $this->writelog(255,3,3,1, 00112 "Login-attempt from %s (%s), username '%s', locked domain '%s' did not match '%s'!", 00113 Array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $user[$this->db_user['username_column']], $user['lockToDomain'], $this->authInfo['HTTP_HOST'])); 00114 } 00115 $OK = false; 00116 } 00117 } 00118 00119 return $OK; 00120 } 00121 00129 function getGroups($user, $knownGroups) { 00130 global $TYPO3_CONF_VARS; 00131 00132 $groupDataArr = array(); 00133 00134 if($this->mode=='getGroupsFE') { 00135 00136 $groups = array(); 00137 if (is_array($user) && $user[$this->db_user['usergroup_column']]) { 00138 $groupList = $user[$this->db_user['usergroup_column']]; 00139 $groups = array(); 00140 $this->getSubGroups($groupList,'',$groups); 00141 } 00142 00143 // ADD group-numbers if the IPmask matches. 00144 if (is_array($TYPO3_CONF_VARS['FE']['IPmaskMountGroups'])) { 00145 foreach($TYPO3_CONF_VARS['FE']['IPmaskMountGroups'] as $IPel) { 00146 if ($this->authInfo['REMOTE_ADDR'] && $IPel[0] && t3lib_div::cmpIP($this->authInfo['REMOTE_ADDR'],$IPel[0])) {$groups[]=intval($IPel[1]);} 00147 } 00148 } 00149 00150 $groups = array_unique($groups); 00151 00152 if (count($groups)) { 00153 $list = implode(',',$groups); 00154 00155 if ($this->writeDevLog) t3lib_div::devLog('Get usergroups with id: '.$list, 'tx_sv_auth'); 00156 00157 $lockToDomain_SQL = ' AND (lockToDomain=\'\' OR lockToDomain IS NULL OR lockToDomain=\''.$this->authInfo['HTTP_HOST'].'\')'; 00158 if (!$this->authInfo['showHiddenRecords']) $hiddenP = 'AND hidden=0 '; 00159 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', $this->db_groups['table'], 'deleted=0 '.$hiddenP.' AND uid IN ('.$list.')'.$lockToDomain_SQL); 00160 while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) { 00161 $groupDataArr[$row['uid']] = $row; 00162 } 00163 if ($res) $GLOBALS['TYPO3_DB']->sql_free_result($res); 00164 00165 } else { 00166 if ($this->writeDevLog) t3lib_div::devLog('No usergroups found.', 'tx_sv_auth', 2); 00167 } 00168 } elseif ($this->mode=='getGroupsBE') { 00169 00170 # Get the BE groups here 00171 # still needs to be implemented in t3lib_userauthgroup 00172 } 00173 00174 return $groupDataArr; 00175 } 00176 00186 function getSubGroups($grList, $idList='', &$groups) { 00187 00188 // Fetching records of the groups in $grList (which are not blocked by lockedToDomain either): 00189 $lockToDomain_SQL = ' AND (lockToDomain=\'\' OR lockToDomain IS NULL OR lockToDomain=\''.$this->authInfo['HTTP_HOST'].'\')'; 00190 if (!$this->authInfo['showHiddenRecords']) $hiddenP = 'AND hidden=0 '; 00191 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('uid,subgroup', 'fe_groups', 'deleted=0 '.$hiddenP.' AND uid IN ('.$grList.')'.$lockToDomain_SQL); 00192 00193 $groupRows = array(); // Internal group record storage 00194 00195 // The groups array is filled 00196 while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) { 00197 if(!in_array($row['uid'], $groups)) { $groups[] = $row['uid']; } 00198 $groupRows[$row['uid']] = $row; 00199 } 00200 00201 // Traversing records in the correct order 00202 $include_staticArr = t3lib_div::intExplode(',', $grList); 00203 foreach($include_staticArr as $uid) { // traversing list 00204 00205 // Get row: 00206 $row=$groupRows[$uid]; 00207 if (is_array($row) && !t3lib_div::inList($idList,$uid)) { // Must be an array and $uid should not be in the idList, because then it is somewhere previously in the grouplist 00208 00209 // Include sub groups 00210 if (trim($row['subgroup'])) { 00211 $theList = implode(',',t3lib_div::intExplode(',',$row['subgroup'])); // Make integer list 00212 $this->getSubGroups($theList, $idList.','.$uid, $groups); // Call recursively, pass along list of already processed groups so they are not recursed again. 00213 } 00214 } 00215 } 00216 } 00217 } 00218 00219 00220 00221 if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/sv/class.tx_sv_auth.php']) { 00222 include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/sv/class.tx_sv_auth.php']); 00223 } 00224 ?>