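<?php
/***************************************************************
*  Copyright notice
*
*  (c) 1999-2006 Kasper Skaarhoj (kasperYYYY@typo3.com)
*  All rights reserved
*
*  This script is part of the TYPO3 project. The TYPO3 project is
*  free software; you can redistribute it and/or modify
*  it under the terms of the GNU General Public License as published by
*  the Free Software Foundation; either version 2 of the License, or
*  (at your option) any later version.
*
*  The GNU General Public License can be found at
*  http://www.gnu.org/copyleft/gpl.html.
*  A copy is found in the textfile GPL.txt and important notices to the license
*  from the author is found in LICENSE.txt distributed with these scripts.
*
*
*  This script is distributed in the hope that it will be useful,
*  but WITHOUT ANY WARRANTY; without even the implied warranty of
*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*  GNU General Public License for more details.
*
*  This copyright notice MUST APPEAR in all copies of the script!
***************************************************************/

/**
 * Backend user object: session/login settings for the TYPO3 backend plus the
 * login gate (IP lock, maintenance mode), the per-user configuration ("uc")
 * and the login notification mails.
 *
 * Everything not defined here (fetchGroupData(), isAdmin(), getTSConfigVal(),
 * getTSConfigProp(), unpack_uc(), writeUC(), setBeUserByName(), ...) is
 * inherited and not visible in this file.
 */
class t3lib_beUserAuth extends t3lib_userAuthGroup {
	var $session_table = 'be_sessions';		// Table to use for session data.
	var $name = 'be_typo_user';				// Session/Cookie name

	var $user_table = 'be_users';			// Table in database with userdata
	var $username_column = 'username';		// Column for login-name
	var $userident_column = 'password';		// Column for password
	var $userid_column = 'uid';				// Column for user-id
	var $lastLogin_column = 'lastlogin';
	var $notifyHeader = 'From: TYPO3 Login notify <no_reply@no_reply.no_reply>';

	var $enablecolumns = array(
		'rootLevel' => 1,
		'deleted' => 'deleted',
		'disabled' => 'disable',
		'starttime' => 'starttime',
		'endtime' => 'endtime'
	);

	var $formfield_uname = 'username';			// formfield with login-name
	var $formfield_uident = 'userident';		// formfield with password
	var $formfield_chalvalue = 'challenge';		// formfield with a unique value which is used to encrypt the password and username
	var $formfield_status = 'login_status';		// formfield with status: *'login', 'logout'
	var $security_level = 'superchallenged';	// sets the level of security. *'normal' = clear-text. 'challenged' = hashed password/username from form in $formfield_uident. 'superchallenged' = hashed password hashed again with username.

	var $writeStdLog = 1;			// Decides if the writelog() function is called at login and logout
	var $writeAttemptLog = 1;		// Decides if the writelog() function is called when a login attempt has failed

	var $auth_include = '';			// this is the name of the include-file containing the login form. If not set, login CAN be anonymous. If set login IS needed.

	var $auth_timeout_field = 6000;	// if > 0 : session-timeout in seconds. if false/<0 : no timeout. if string: The string is fieldname from the usertable where the timeout can be found.
	var $lifetime = 0;				// 0 = Session-cookies. If session-cookies, the browser will stop session when the browser is closed. Else it keeps the session for $lifetime seconds.
	var $challengeStoredInCookie = TRUE;


		// User Config:
	var $uc;

		// User Config Default values:
		// The array may contain other fields for configuration. For this, see "setup" extension and "TSConfig" document (User TSconfig, "setup.[xxx]....")
		/*
			Reserved keys for other storage of session data:
			moduleData
			moduleSessionID
		*/
	var $uc_default = array(
		'interfaceSetup' => '',		// serialized content that is used to store interface pane and menu positions. Set by the logout.php-script
		'moduleData' => array(),	// user-data for the modules
		'thumbnailsByDefault' => 0,
		'emailMeAtLogin' => 0,
		'condensedMode' => 0,
		'noMenuMode' => 0,
		'startInTaskCenter' => 0,
		'hideSubmoduleIcons' => 0,
		'helpText' => 1,
		'titleLen' => 30,
		'edit_wideDocument' => '0',
		'edit_showFieldHelp' => 'icon',
		'edit_RTE' => '1',
		'edit_docModuleUpload' => '1',
		'disableCMlayers' => 0,
		'navFrameWidth' => '',		// Default is 245 pixels
		'navFrameResizable' => 0,
	);


	/**
	 * Records the current request in the "sys_trackbeuser" table when $flag is
	 * set and the "beuser_tracking" extension is loaded.
	 *
	 * @param	boolean		If set, the request is recorded.
	 * @return	void
	 */
	function trackBeUser($flag) {
		if (!$flag || !t3lib_extMgm::isLoaded('beuser_tracking')) {
			return;
		}

			// NOTE(review): REQUEST_URI is chosen by the client. Presumably exec_INSERTquery()
			// quotes field values - confirm; consumers of this table should treat "script"
			// as untrusted text (escape on display, bound its length).
		$trackingRow = array(
			'userid' => intval($this->user['uid']),
			'tstamp' => time(),
			'script' => t3lib_div::getIndpEnv('REQUEST_URI')
		);

		$GLOBALS['TYPO3_DB']->exec_INSERTquery('sys_trackbeuser', $trackingRow);
	}

	/**
	 * Checks the client address against the user's "options.lockToIP" TSconfig list.
	 *
	 * The check is only made when $TYPO3_CONF_VARS['BE']['enabledBeUserIPLock'] is
	 * set AND the list is non-empty; in every other case the method returns 1, so
	 * a missing or blank list means "no restriction".
	 *
	 * NOTE(review): the comparison uses whatever getIndpEnv('REMOTE_ADDR') returns.
	 * Behind a reverse proxy that may be the proxy's address or a forwarded value -
	 * verify the proxy configuration before relying on the lock.
	 *
	 * @return	mixed		1 when no lock applies, otherwise the result of t3lib_div::cmpIP()
	 */
	function checkLockToIP() {
		global $TYPO3_CONF_VARS;

		if (!$TYPO3_CONF_VARS['BE']['enabledBeUserIPLock']) {
			return 1;
		}

		$allowedIPs = $this->getTSConfigVal('options.lockToIP');
		if (!trim($allowedIPs)) {
			return 1;
		}

		return t3lib_div::cmpIP(t3lib_div::getIndpEnv('REMOTE_ADDR'), $allowedIPs);
	}

	/**
	 * Gate for backend scripts: stops the request unless a backend user is logged
	 * in, passes the IP lock and - in "adminOnly" mode - is an administrator.
	 * On success the user configuration is set up and login mails are sent.
	 *
	 * Without a user the script exits with an error page, unless the constant
	 * TYPO3_PROCEED_IF_NO_USER is defined and true, in which case it just returns.
	 *
	 * @return	void
	 */
	function backendCheckLogin() {
		if (!$this->user['uid']) {
			if (!defined('TYPO3_PROCEED_IF_NO_USER') || !TYPO3_PROCEED_IF_NO_USER) {
					// Fixed: the closing parenthesis of locationHeaderUrl() used to sit after the
					// trailing ",0", so the HTML tail and the 0 were passed to locationHeaderUrl()
					// and typo3PrintError() received two arguments instead of three.
					// NOTE(review): the URL is built from TYPO3_SITE_URL and written into HTML
					// unescaped; presumably getIndpEnv() returns a sanitized host - confirm.
				$loginUrl = t3lib_div::locationHeaderUrl(t3lib_div::getIndpEnv('TYPO3_SITE_URL').TYPO3_mainDir.'index.php');
				t3lib_BEfunc::typo3PrintError(
					'Login-error or session timed-out',
					'No user logged in! Sorry, I can\'t proceed then!<br /><br />(You must have cookies enabled!)<br /><br />If your session has just timed-out, you may<br /><a href="'.$loginUrl.'" target="_top">click here to re-login</a>.',
					0
				);
				exit;
			}
			return;
		}

			// The groups are fetched and ready for permission checking in this initialization.
			// Tables.php must be read before this because stuff like the modules has impact in this.
		$this->fetchGroupData();

		if (!$this->checkLockToIP()) {
			t3lib_BEfunc::typo3PrintError('Login-error', 'IP locking prevented you from being authorized. Can\'t proceed, sorry.', 0);
			exit;
		}

			// Maintenance mode: only administrators get past this point.
		if ($GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'] && !$this->isAdmin()) {
			t3lib_BEfunc::typo3PrintError('Login-error', 'TYPO3 is in maintenance mode at the moment. Only administrators are allowed access.', 0);
			exit;
		}

		$this->backendSetUC();		// Setting the UC array. It's needed with fetchGroupData first, due to default/overriding of values.
		$this->emailAtLogin();		// email at login - if option set.
	}

	/**
	 * In CLI mode (constant TYPO3_cliMode defined and true), loads the backend user
	 * named after the module: the lowercased $GLOBALS['MCONF']['name'], which must
	 * start with "_CLI_".
	 *
	 * The script dies when a user is already loaded, the module name lacks the
	 * prefix, no such user exists, or the user is an administrator (CLI users must
	 * be non-admin).
	 *
	 * @return	boolean		TRUE when the CLI user was loaded; nothing is returned outside CLI mode
	 */
	function checkCLIuser() {
			// First, check if cliMode is enabled:
		if (!defined('TYPO3_cliMode') || !TYPO3_cliMode) {
			return;
		}

		if ($this->user['uid']) {
			die('ERROR: Another user was already loaded which is impossible in CLI mode!'.chr(10).chr(10));
		}

		if (substr($GLOBALS['MCONF']['name'],0,5) !== '_CLI_') {
			die('ERROR: Module name, "'.$GLOBALS['MCONF']['name'].'", was not prefixed with "_CLI_"'.chr(10).chr(10));
		}

		$userName = strtolower($GLOBALS['MCONF']['name']);
		$this->setBeUserByName($userName);

		if (!$this->user['uid']) {
			die('ERROR: No backend user named "'.$userName.'" was found! [Database: '.TYPO3_db.']'.chr(10).chr(10));
		}

			// Least privilege: an admin account must never be driven from the command line.
		if ($this->isAdmin()) {
			die('ERROR: CLI backend user "'.$userName.'" was ADMIN which is not allowed!'.chr(10).chr(10));
		}

		return TRUE;
	}

	/**
	 * Initializes $this->uc from the serialized "uc" field of the user record,
	 * falling back to the defaults ($uc_default, $TYPO3_CONF_VARS['BE']['defaultUC']
	 * and TSconfig "setup.default"), and writes the result back when it changed.
	 *
	 * @return	void
	 */
	function backendSetUC() {
		global $TYPO3_CONF_VARS;

			// Fixed: the "updated" flag was only assigned inside the branches below and then
			// read uninitialized when none of them ran.
		$updated = FALSE;

			// UC - user configuration is a serialized array inside the userobject.
			// NOTE(review): unserialize() will instantiate objects found in the string. The
			// value is read from the user record (presumably be_users.uc), so whoever can
			// write that column controls the input. Confirm that only writeUC() stores it;
			// a data-only format would remove the object-injection surface.
		$savedUC = unserialize($this->user['uc']);		// if there is a saved uc we implement that instead of the default one.
		if (is_array($savedUC)) {
			$this->unpack_uc($savedUC);
		}

			// Setting defaults if uc is empty
		if (!is_array($this->uc)) {
			$this->uc = array_merge($this->uc_default, (array)$TYPO3_CONF_VARS['BE']['defaultUC'], (array)$this->getTSConfigProp('setup.default'));	// Candidate for t3lib_div::array_merge() if integer-keys will some day make trouble...
			$this->overrideUC();
			$updated = TRUE;
		}

			// If TSconfig is updated, update the defaultUC.
		if ($this->userTSUpdated) {
			$this->overrideUC();
			$updated = TRUE;
		}

			// Setting default lang from be_user record.
		if (!isset($this->uc['lang'])) {
			$this->uc['lang'] = $this->user['lang'];
			$updated = TRUE;
		}

			// Saving if updated.
		if ($updated) {
			$this->writeUC();	// Method from the t3lib_userauth class.
		}
	}

	/**
	 * Merges the TSconfig "setup.override" values over $this->uc, so those keys
	 * always win over what the user has stored.
	 *
	 * @return	void
	 */
	function overrideUC() {
		$this->uc = array_merge((array)$this->uc, (array)$this->getTSConfigProp('setup.override'));	// Candidate for t3lib_div::array_merge() if integer-keys will some day make trouble...
	}

	/**
	 * Clears the stored and the in-memory user configuration and rebuilds it
	 * through backendSetUC().
	 *
	 * @return	void
	 */
	function resetUC() {
		$this->user['uc'] = '';
		$this->uc = '';
		$this->backendSetUC();
	}

	/**
	 * Sends login notification mails, but only on the request in which the login
	 * session was started ($this->loginSessionStarted).
	 *
	 * A mail goes to $TYPO3_CONF_VARS['BE']['warning_email_addr'] when warning_mode
	 * has bit 1 set (all logins) or bit 2 set and the user is admin; another goes
	 * to the user when the "emailMeAtLogin" uc option is set and the stored address
	 * contains "@".
	 *
	 * NOTE(review): REMOTE_HOST and HTTP_HOST are influenced by the client and end
	 * up in the subject and body; readers and mail filters should treat that text
	 * as untrusted. The "@" test is the only check made on the user's address here.
	 *
	 * @return	void
	 */
	function emailAtLogin() {
		if (!$this->loginSessionStarted) {
			return;
		}

		$remoteAddr = t3lib_div::getIndpEnv('REMOTE_ADDR');
		$remoteHost = t3lib_div::getIndpEnv('REMOTE_HOST');
		$siteName = $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'];

			// Send notify-mail
		$subject = 'At "'.$siteName.'"'.
					' from '.$remoteAddr.
					($remoteHost ? ' ('.$remoteHost.')' : '');
		$msg = sprintf('User "%s" logged in from %s (%s) at "%s" (%s)',
			$this->user['username'],
			$remoteAddr,
			$remoteHost,
			$siteName,
			t3lib_div::getIndpEnv('HTTP_HOST')
		);

			// Warning email address
		if ($GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr']) {
			$warningMode = intval($GLOBALS['TYPO3_CONF_VARS']['BE']['warning_mode']);
			$warn = 0;
			$prefix = '';
			if ($warningMode & 1) {	// first bit: All logins
				$warn = 1;
				$prefix = $this->isAdmin() ? '[AdminLoginWarning]' : '[LoginWarning]';
			}
			if ($this->isAdmin() && ($warningMode & 2)) {	// second bit: Only admin-logins
				$warn = 1;
				$prefix = '[AdminLoginWarning]';
			}
			if ($warn) {
				mail($GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr'],
					$prefix.' '.$subject,
					$msg,
					$this->notifyHeader
				);
			}
		}

			// If an email should be sent to the current user, do that:
		if ($this->uc['emailMeAtLogin'] && strstr($this->user['email'],'@')) {
			mail($this->user['email'],
				$subject,
				$msg,
				$this->notifyHeader
			);
		}
	}

	/**
	 * Returns a 10-character code: the first 10 hex digits of
	 * md5($this->id . encryptionKey).
	 *
	 * NOTE(review): 10 hex digits carry 40 bits and MD5 is not a keyed MAC, so this
	 * is a weak token by current standards. The algorithm is left as is because the
	 * code that compares the value is not in this file; a change to a keyed hash
	 * has to be made on both sides, and the comparison should be constant-time.
	 * $this->id is presumably the session id set by the parent class - confirm.
	 *
	 * @return	string		The verification code
	 */
	function veriCode() {
		return substr(md5($this->id.$GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']),0,10);
	}
}




	// XCLASS hook: includes the replacement class file named in the configuration.
	// The path is read from $TYPO3_CONF_VARS, so write access to that configuration
	// amounts to code execution here.
if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_beuserauth.php']) {
	include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_beuserauth.php']);
}
?>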