<?php
  include_once '../doc-typo3-funcs.php';
  $doxygen_vars = array(	"title" => "TYPO3 4.0.1: typo3_src-4.0.1/typo3/sysext/sv/class.tx_sv_auth.php Source File",
				"datetime" => "Sat Dec 2 19:22:34 2006",
				"date" => "2 Dec 2006",
				"doxygenversion" => "1.4.6",
				"projectname" => "TYPO3 4.0.1",
				"projectnumber" => "4.0.1"
			);
  get_header($doxygen_vars);
?>
<!-- Generated by Doxygen 1.4.6 -->
<div class="tabs">
  <ul>
    <li><a href="main.html"><span>Main&nbsp;Page</span></a></li>
    <li><a href="namespaces.html"><span>Namespaces</span></a></li>
    <li><a href="classes.html"><span>Classes</span></a></li>
    <li id="current"><a href="files.html"><span>Files</span></a></li>
    <li><a href="dirs.html"><span>Directories</span></a></li>
    <li><a href="pages.html"><span>Related&nbsp;Pages</span></a></li>
    <li><a href="examples.html"><span>Examples</span></a></li>
    <li>
      <form action="search.php" method="get">
        <table cellspacing="0" cellpadding="0" border="0">
          <tr>
            <td><label>&nbsp;<u>S</u>earch&nbsp;for&nbsp;</label></td>
            <td><input type="text" name="query" value="" size="20" accesskey="s"/></td>
          </tr>
        </table>
      </form>
    </li>
  </ul></div>
<div class="nav">
<a class="el" href="dir_c8daf1ad746050abf985cc546c89e248.html">typo3_src-4.0.1</a>&nbsp;&raquo&nbsp;<a class="el" href="dir_18071ae4545d8b3e0364d30c0659c74a.html">typo3</a>&nbsp;&raquo&nbsp;<a class="el" href="dir_57bf1ed8249c1fd5b014486d01bcb27a.html">sysext</a>&nbsp;&raquo&nbsp;<a class="el" href="dir_d0dc369c21e8a6cb792cb9a9d9f9ae71.html">sv</a></div>
<h1>class.tx_sv_auth.php</h1><div class="fragment"><pre class="fragment"><a name="l00001"></a>00001 &lt;?php
<a name="l00002"></a>00002 <span class="comment">/***************************************************************</span>
<a name="l00003"></a>00003 <span class="comment">*  Copyright notice</span>
<a name="l00004"></a>00004 <span class="comment">*</span>
<a name="l00005"></a>00005 <span class="comment">*  (c) 2004-2005 René Fritz &lt;r.fritz@colorcube.de&gt;</span>
<a name="l00006"></a>00006 <span class="comment">*  All rights reserved</span>
<a name="l00007"></a>00007 <span class="comment">*</span>
<a name="l00008"></a>00008 <span class="comment">*  This script is part of the TYPO3 project. The TYPO3 project is</span>
<a name="l00009"></a>00009 <span class="comment">*  free software; you can redistribute it and/or modify</span>
<a name="l00010"></a>00010 <span class="comment">*  it under the terms of the GNU General Public License as published by</span>
<a name="l00011"></a>00011 <span class="comment">*  the Free Software Foundation; either version 2 of the License, or</span>
<a name="l00012"></a>00012 <span class="comment">*  (at your option) any later version.</span>
<a name="l00013"></a>00013 <span class="comment">*</span>
<a name="l00014"></a>00014 <span class="comment">*  The GNU General Public License can be found at</span>
<a name="l00015"></a>00015 <span class="comment">*  http://www.gnu.org/copyleft/gpl.html.</span>
<a name="l00016"></a>00016 <span class="comment">*  A copy is found in the textfile GPL.txt and important notices to the license</span>
<a name="l00017"></a>00017 <span class="comment">*  from the author is found in LICENSE.txt distributed with these scripts.</span>
<a name="l00018"></a>00018 <span class="comment">*</span>
<a name="l00019"></a>00019 <span class="comment">*</span>
<a name="l00020"></a>00020 <span class="comment">*  This script is distributed in the hope that it will be useful,</span>
<a name="l00021"></a>00021 <span class="comment">*  but WITHOUT ANY WARRANTY; without even the implied warranty of</span>
<a name="l00022"></a>00022 <span class="comment">*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the</span>
<a name="l00023"></a>00023 <span class="comment">*  GNU General Public License for more details.</span>
<a name="l00024"></a>00024 <span class="comment">*</span>
<a name="l00025"></a>00025 <span class="comment">*  This copyright notice MUST APPEAR in all copies of the script!</span>
<a name="l00026"></a>00026 <span class="comment">***************************************************************/</span>
<a name="l00056"></a><a class="code" href="classtx__sv__auth.html">00056</a> <span class="keyword">class </span><a class="code" href="classtx__sv__auth.html">tx_sv_auth</a> <span class="keyword">extends</span> <a class="code" href="classtx__sv__authbase.html">tx_sv_authbase</a>         {
<a name="l00057"></a>00057 
<a name="l00058"></a>00058 
<a name="l00064"></a><a class="code" href="classtx__sv__auth.html#4550c596fded23d3cacc4b222e612155">00064</a>         function <a class="code" href="classtx__sv__auth.html#4550c596fded23d3cacc4b222e612155">getUser</a>()      {
<a name="l00065"></a>00065                 $user = <span class="keyword">false</span>;
<a name="l00066"></a>00066 
<a name="l00067"></a>00067                 <span class="keywordflow">if</span> ($this-&gt;login['status']=='login' AND $this-&gt;login['uident']) {
<a name="l00068"></a>00068 
<a name="l00069"></a>00069                         $user = $this-&gt;<a class="code" href="classtx__sv__authbase.html#492c2c6b4d1f0b0bff4e40ea067f1504">fetchUserRecord</a>($this-&gt;login['uname']);
<a name="l00070"></a>00070 
<a name="l00071"></a>00071                         <span class="keywordflow">if</span>(!is_array($user)) {
<a name="l00072"></a>00072                                         <span class="comment">// Failed login attempt (no username found)</span>
<a name="l00073"></a>00073                                 $this-&gt;<a class="code" href="classtx__sv__authbase.html#2ab0cc3540e6e4aa9898da69a3403e95">writelog</a>(255,3,3,2,
<a name="l00074"></a>00074                                         <span class="stringliteral">"Login-attempt from %s (%s), username '%s' not found!!"</span>,
<a name="l00075"></a>00075                                         Array($this-&gt;authInfo['REMOTE_ADDR'], $this-&gt;authInfo['REMOTE_HOST'], $this-&gt;login['uname']));  <span class="comment">// Logout written to log</span>
<a name="l00076"></a>00076                         } <span class="keywordflow">else</span> {
<a name="l00077"></a>00077                                 <span class="keywordflow">if</span> ($this-&gt;writeDevLog)         <a class="code" href="classt3lib__div.html#a717061737ecec3ccfd8d32b9b1c2478">t3lib_div::devLog</a>('User found: '.<a class="code" href="classt3lib__div.html#1d14bdfa7b84ee71fb0da796cfbdee82">t3lib_div::arrayToLogString</a>($user, array($this-&gt;db_user['userid_column'],$this-&gt;db_user['username_column'])), '<a class="code" href="classtx__sv__auth.html">tx_sv_auth</a>');
<a name="l00078"></a>00078                         }
<a name="l00079"></a>00079                 }
<a name="l00080"></a>00080                 <span class="keywordflow">return</span> $user;
<a name="l00081"></a>00081         }
<a name="l00082"></a>00082 
<a name="l00089"></a><a class="code" href="classtx__sv__auth.html#4b497698e0fa894bf54469262f520fb6">00089</a>         function <a class="code" href="classtx__sv__auth.html#4b497698e0fa894bf54469262f520fb6">authUser</a>($user)        {
<a name="l00090"></a>00090                 $OK = 100;
<a name="l00091"></a>00091 
<a name="l00092"></a>00092                 <span class="keywordflow">if</span> ($this-&gt;login['uident'] &amp;&amp; $this-&gt;login['uname'])    {
<a name="l00093"></a>00093 
<a name="l00094"></a>00094                                 <span class="comment">// Checking password match for user:</span>
<a name="l00095"></a>00095                         $OK = $this-&gt;<a class="code" href="classtx__sv__authbase.html#222558e7b64ad559536f5665d854d516">compareUident</a>($user, $this-&gt;login);
<a name="l00096"></a>00096 
<a name="l00097"></a>00097                         <span class="keywordflow">if</span>(!$OK)     {
<a name="l00098"></a>00098                                         <span class="comment">// Failed login attempt (wrong password) - write that to the log!</span>
<a name="l00099"></a>00099                                 <span class="keywordflow">if</span> ($this-&gt;writeAttemptLog) {
<a name="l00100"></a>00100                                         $this-&gt;<a class="code" href="classtx__sv__authbase.html#2ab0cc3540e6e4aa9898da69a3403e95">writelog</a>(255,3,3,1,
<a name="l00101"></a>00101                                                 <span class="stringliteral">"Login-attempt from %s (%s), username '%s', password not accepted!"</span>,
<a name="l00102"></a>00102                                                 Array($this-&gt;authInfo['REMOTE_ADDR'], $this-&gt;authInfo['REMOTE_HOST'], $this-&gt;login['uname']));
<a name="l00103"></a>00103                                 }
<a name="l00104"></a>00104                                 <span class="keywordflow">if</span> ($this-&gt;writeDevLog)         <a class="code" href="classt3lib__div.html#a717061737ecec3ccfd8d32b9b1c2478">t3lib_div::devLog</a>('Password not accepted: '.$this-&gt;login['uident'], '<a class="code" href="classtx__sv__auth.html">tx_sv_auth</a>', 2);
<a name="l00105"></a>00105                         }
<a name="l00106"></a>00106 
<a name="l00107"></a>00107                                 <span class="comment">// Checking the domain (lockToDomain)</span>
<a name="l00108"></a>00108                         <span class="keywordflow">if</span> ($OK &amp;&amp; $user['lockToDomain'] &amp;&amp; $user['lockToDomain']!=$this-&gt;authInfo['HTTP_HOST'])        {
<a name="l00109"></a>00109                                         <span class="comment">// Lock domain didn't match, so error:</span>
<a name="l00110"></a>00110                                 <span class="keywordflow">if</span> ($this-&gt;writeAttemptLog) {
<a name="l00111"></a>00111                                         $this-&gt;<a class="code" href="classtx__sv__authbase.html#2ab0cc3540e6e4aa9898da69a3403e95">writelog</a>(255,3,3,1,
<a name="l00112"></a>00112                                                 <span class="stringliteral">"Login-attempt from %s (%s), username '%s', locked domain '%s' did not match '%s'!"</span>,
<a name="l00113"></a>00113                                                 Array($this-&gt;authInfo['REMOTE_ADDR'], $this-&gt;authInfo['REMOTE_HOST'], $user[$this-&gt;db_user['username_column']], $user['lockToDomain'], $this-&gt;authInfo['HTTP_HOST']));
<a name="l00114"></a>00114                                 }
<a name="l00115"></a>00115                                 $OK = <span class="keyword">false</span>;
<a name="l00116"></a>00116                         }
<a name="l00117"></a>00117                 }
<a name="l00118"></a>00118 
<a name="l00119"></a>00119                 <span class="keywordflow">return</span> $OK;
<a name="l00120"></a>00120         }
<a name="l00121"></a>00121 
<a name="l00129"></a><a class="code" href="classtx__sv__auth.html#41f8024e52408155547623a24c356828">00129</a>         function <a class="code" href="classtx__sv__auth.html#41f8024e52408155547623a24c356828">getGroups</a>($user, $knownGroups) {
<a name="l00130"></a>00130                 global $TYPO3_CONF_VARS;
<a name="l00131"></a>00131 
<a name="l00132"></a>00132                 $groupDataArr = array();
<a name="l00133"></a>00133 
<a name="l00134"></a>00134                 <span class="keywordflow">if</span>($this-&gt;mode=='getGroupsFE')  {
<a name="l00135"></a>00135 
<a name="l00136"></a>00136                         $groups = array();
<a name="l00137"></a>00137                         <span class="keywordflow">if</span> (is_array($user) &amp;&amp; $user[$this-&gt;db_user['usergroup_column']])       {
<a name="l00138"></a>00138                                 $groupList = $user[$this-&gt;db_user['usergroup_column']];
<a name="l00139"></a>00139                                 $groups = array();
<a name="l00140"></a>00140                                 $this-&gt;<a class="code" href="classtx__sv__auth.html#b71e3e1746af41540373baf8bf5cf7cd">getSubGroups</a>($groupList,'',$groups);
<a name="l00141"></a>00141                         }
<a name="l00142"></a>00142 
<a name="l00143"></a>00143                                 <span class="comment">// ADD group-numbers if the IPmask matches.</span>
<a name="l00144"></a>00144                         <span class="keywordflow">if</span> (is_array($TYPO3_CONF_VARS['FE']['IPmaskMountGroups']))      {
<a name="l00145"></a>00145                                 foreach($TYPO3_CONF_VARS['FE']['IPmaskMountGroups'] as $IPel)   {
<a name="l00146"></a>00146                                         <span class="keywordflow">if</span> ($this-&gt;authInfo['REMOTE_ADDR'] &amp;&amp; $IPel[0] &amp;&amp; <a class="code" href="classt3lib__div.html#abe065a28b50e8a6e4b12523db7d4895">t3lib_div::cmpIP</a>($this-&gt;authInfo['REMOTE_ADDR'],$IPel[0]))    {$groups[]=intval($IPel[1]);}
<a name="l00147"></a>00147                                 }
<a name="l00148"></a>00148                         }
<a name="l00149"></a>00149 
<a name="l00150"></a>00150                         $groups = array_unique($groups);
<a name="l00151"></a>00151 
<a name="l00152"></a>00152                         <span class="keywordflow">if</span> (count($groups))     {
<a name="l00153"></a>00153                                 $list = implode(<span class="charliteral">','</span>,$groups);
<a name="l00154"></a>00154 
<a name="l00155"></a>00155                                 <span class="keywordflow">if</span> ($this-&gt;writeDevLog)         <a class="code" href="classt3lib__div.html#a717061737ecec3ccfd8d32b9b1c2478">t3lib_div::devLog</a>('Get usergroups with <span class="keywordtype">id</span>: '.$list, '<a class="code" href="classtx__sv__auth.html">tx_sv_auth</a>');
<a name="l00156"></a>00156 
<a name="l00157"></a>00157                                 $lockToDomain_SQL = ' AND (lockToDomain=\<span class="charliteral">'\'</span> OR lockToDomain IS NULL OR lockToDomain=\''.$this-&gt;authInfo['HTTP_HOST'].<span class="charliteral">'\'</span>)';
<a name="l00158"></a>00158                                 <span class="keywordflow">if</span> (!$this-&gt;authInfo['showHiddenRecords'])      $hiddenP = 'AND hidden=0 ';
<a name="l00159"></a>00159                                 $res = $GLOBALS['TYPO3_DB']-&gt;exec_SELECTquery(<span class="charliteral">'*'</span>, $this-&gt;db_groups['table'], 'deleted=0 '.$hiddenP.' AND uid IN ('.$list.<span class="charliteral">')'</span>.$lockToDomain_SQL);
<a name="l00160"></a>00160                                 <span class="keywordflow">while</span> ($row = $GLOBALS['TYPO3_DB']-&gt;sql_fetch_assoc($res))      {
<a name="l00161"></a>00161                                         $groupDataArr[$row['uid']] = $row;
<a name="l00162"></a>00162                                 }
<a name="l00163"></a>00163                                 <span class="keywordflow">if</span> ($res)       $GLOBALS['TYPO3_DB']-&gt;sql_free_result($res);
<a name="l00164"></a>00164 
<a name="l00165"></a>00165                         } <span class="keywordflow">else</span> {
<a name="l00166"></a>00166                                 <span class="keywordflow">if</span> ($this-&gt;writeDevLog)         <a class="code" href="classt3lib__div.html#a717061737ecec3ccfd8d32b9b1c2478">t3lib_div::devLog</a>('No usergroups found.', '<a class="code" href="classtx__sv__auth.html">tx_sv_auth</a>', 2);
<a name="l00167"></a>00167                         }
<a name="l00168"></a>00168                 } elseif ($this-&gt;mode=='getGroupsBE') {
<a name="l00169"></a>00169 
<a name="l00170"></a>00170 <span class="preprocessor">                        # Get the BE groups here</span>
<a name="l00171"></a>00171 <span class="preprocessor"></span><span class="preprocessor">                        # still needs to be implemented in t3lib_userauthgroup</span>
<a name="l00172"></a>00172 <span class="preprocessor"></span>                }
<a name="l00173"></a>00173 
<a name="l00174"></a>00174                 <span class="keywordflow">return</span> $groupDataArr;
<a name="l00175"></a>00175         }
<a name="l00176"></a>00176 
<a name="l00186"></a><a class="code" href="classtx__sv__auth.html#b71e3e1746af41540373baf8bf5cf7cd">00186</a>         function getSubGroups($grList, $idList='', &amp;$groups)    {
<a name="l00187"></a>00187 
<a name="l00188"></a>00188                         <span class="comment">// Fetching records of the groups in $grList (which are not blocked by lockedToDomain either):</span>
<a name="l00189"></a>00189                 $lockToDomain_SQL = ' AND (lockToDomain=\<span class="charliteral">'\'</span> OR lockToDomain IS NULL OR lockToDomain=\''.$this-&gt;authInfo['HTTP_HOST'].<span class="charliteral">'\'</span>)';
<a name="l00190"></a>00190                 <span class="keywordflow">if</span> (!$this-&gt;authInfo['showHiddenRecords'])      $hiddenP = 'AND hidden=0 ';
<a name="l00191"></a>00191                 $res = $GLOBALS['TYPO3_DB']-&gt;exec_SELECTquery('uid,subgroup', 'fe_groups', 'deleted=0 '.$hiddenP.' AND uid IN ('.$grList.<span class="charliteral">')'</span>.$lockToDomain_SQL);
<a name="l00192"></a>00192 
<a name="l00193"></a>00193                 $groupRows = array();   <span class="comment">// Internal group record storage</span>
<a name="l00194"></a>00194 
<a name="l00195"></a>00195                         <span class="comment">// The groups array is filled</span>
<a name="l00196"></a>00196                 <span class="keywordflow">while</span> ($row = $GLOBALS['TYPO3_DB']-&gt;sql_fetch_assoc($res))      {
<a name="l00197"></a>00197                         <span class="keywordflow">if</span>(!in_array($row['uid'], $groups))     { $groups[] = $row['uid']; }
<a name="l00198"></a>00198                         $groupRows[$row['uid']] = $row;
<a name="l00199"></a>00199                 }
<a name="l00200"></a>00200 
<a name="l00201"></a>00201                         <span class="comment">// Traversing records in the correct order</span>
<a name="l00202"></a>00202                 $include_staticArr = <a class="code" href="classt3lib__div.html#93aed4f073a335dc8e804c46d405cbd6">t3lib_div::intExplode</a>(<span class="charliteral">','</span>, $grList);
<a name="l00203"></a>00203                 foreach($include_staticArr as $uid)     {       <span class="comment">// traversing list</span>
<a name="l00204"></a>00204 
<a name="l00205"></a>00205                                 <span class="comment">// Get row:</span>
<a name="l00206"></a>00206                         $row=$groupRows[$uid];
<a name="l00207"></a>00207                         <span class="keywordflow">if</span> (is_array($row) &amp;&amp; !<a class="code" href="classt3lib__div.html#d994a5608365c288d051d6022d4e9976">t3lib_div::inList</a>($idList,$uid)) {       <span class="comment">// Must be an array and $uid should not be in the idList, because then it is somewhere previously in the grouplist</span>
<a name="l00208"></a>00208 
<a name="l00209"></a>00209                                         <span class="comment">// Include sub groups</span>
<a name="l00210"></a>00210                                 <span class="keywordflow">if</span> (trim($row['subgroup']))     {
<a name="l00211"></a>00211                                         $theList = implode(<span class="charliteral">','</span>,<a class="code" href="classt3lib__div.html#93aed4f073a335dc8e804c46d405cbd6">t3lib_div::intExplode</a>(<span class="charliteral">','</span>,$row['subgroup']));    <span class="comment">// Make integer list</span>
<a name="l00212"></a>00212                                         $this-&gt;getSubGroups($theList, $idList.<span class="charliteral">','</span>.$uid, $groups);               <span class="comment">// Call recursively, pass along list of already processed groups so they are not recursed again.</span>
<a name="l00213"></a>00213                                 }
<a name="l00214"></a>00214                         }
<a name="l00215"></a>00215                 }
<a name="l00216"></a>00216         }
<a name="l00217"></a>00217 }
<a name="l00218"></a>00218 
<a name="l00219"></a>00219 
<a name="l00220"></a>00220 
<a name="l00221"></a>00221 <span class="keywordflow">if</span> (defined('TYPO3_MODE') &amp;&amp; $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/sv/<span class="keyword">class</span>.<a class="code" href="classtx__sv__auth.html">tx_sv_auth</a>.php'])     {
<a name="l00222"></a>00222         include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/sv/<span class="keyword">class</span>.<a class="code" href="classtx__sv__auth.html">tx_sv_auth</a>.php']);
<a name="l00223"></a>00223 }
<a name="l00224"></a>00224 ?&gt;
</pre></div><?php
  include_once '../doc-typo3-funcs.php';
  get_footer();
?>