 

Code source de Typo3 4.1.3


/t3lib/ -> class.t3lib_beuserauth.php (source)

   1  <?php
   2  /***************************************************************
   3  *  Copyright notice
   4  *
   5  *  (c) 1999-2006 Kasper Skaarhoj (kasperYYYY@typo3.com)
   6  *  All rights reserved
   7  *
   8  *  This script is part of the TYPO3 project. The TYPO3 project is
   9  *  free software; you can redistribute it and/or modify
  10  *  it under the terms of the GNU General Public License as published by
  11  *  the Free Software Foundation; either version 2 of the License, or
  12  *  (at your option) any later version.
  13  *
  14  *  The GNU General Public License can be found at
  15  *  http://www.gnu.org/copyleft/gpl.html.
  16  *  A copy is found in the textfile GPL.txt and important notices to the license
  17  *  from the author is found in LICENSE.txt distributed with these scripts.
  18  *
  19  *
  20  *  This script is distributed in the hope that it will be useful,
  21  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  22  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  23  *  GNU General Public License for more details.
  24  *
  25  *  This copyright notice MUST APPEAR in all copies of the script!
  26  ***************************************************************/
  27  /**
  28   * Contains class for TYPO3 backend user authentication
  29   *
  30   * $Id: class.t3lib_beuserauth.php 1421 2006-04-10 09:27:15Z mundaun $
  31   * Revised for TYPO3 3.6 July/2003 by Kasper Skaarhoj
  32   *
  33   * @author    Kasper Skaarhoj <kasperYYYY@typo3.com>
  34   * @internal
  35   */
  36  /**
  37   * [CLASS/FUNCTION INDEX of SCRIPT]
  38   *
  39   *
  40   *
  41   *   76: class t3lib_beUserAuth extends t3lib_userAuthGroup
  42   *  150:     function trackBeUser($flag)
  43   *  168:     function checkLockToIP()
  44   *  188:     function backendCheckLogin()
  45   *  216:     function checkCLIuser()
  46   *  240:     function backendSetUC()
  47   *  278:     function overrideUC()
  48   *  288:     function resetUC()
  49   *  301:     function emailAtLogin()
  50   *  353:     function veriCode()
  51   *
  52   * TOTAL FUNCTIONS: 9
  53   * (This index is automatically created/updated by the extension "extdeveval")
  54   *
  55   */
  56  
  57  
  58  
  59  
  60  
  61  
  62  
  63  
  64  
  65  
  66  /**
  67   * TYPO3 user authentication, backend
  68   * Could technically have been the same class as t3lib_userauthgroup since these two are always used together and only together.
  69   * t3lib_userauthgroup contains most of the functions used for checking permissions, authenticating users, setting up the user etc. This class is most interesting in terms of an API for user from outside.
  70   * This class contains the configuration of the database fields used plus some functions for the authentication process of backend users.
  71   *
  72   * @author    Kasper Skaarhoj <kasperYYYY@typo3.com>
  73   * @package TYPO3
  74   * @subpackage t3lib
  75   */
  76  class t3lib_beUserAuth extends t3lib_userAuthGroup {
  77      var $session_table = 'be_sessions';         // Table to use for session data.
  78      var $name = 'be_typo_user';                 // Session/Cookie name
  79  
  80      var $user_table = 'be_users';                     // Table in database with userdata
  81      var $username_column = 'username';             // Column for login-name
  82      var $userident_column = 'password';         // Column for password
  83      var $userid_column = 'uid';                     // Column for user-id
  84      var $lastLogin_column = 'lastlogin';
  85      var $notifyHeader = 'From: TYPO3 Login notify <no_reply@no_reply.no_reply>';
  86  
  87      var $enablecolumns = Array (
  88          'rootLevel' => 1,
  89          'deleted' => 'deleted',
  90          'disabled' => 'disable',
  91          'starttime' => 'starttime',
  92          'endtime' => 'endtime'
  93      );
  94  
  95      var $formfield_uname = 'username';             // formfield with login-name
  96      var $formfield_uident = 'userident';         // formfield with password
  97      var $formfield_chalvalue = 'challenge';        // formfield with a unique value which is used to encrypt the password and username
  98      var $formfield_status = 'login_status';     // formfield with status: *'login', 'logout'
  99      var $security_level = 'superchallenged';    // sets the level of security. *'normal' = clear-text. 'challenged' = hashed password/username from form in $formfield_uident. 'superchallenged' = hashed password hashed again with username.
 100  
 101      var $writeStdLog = 1;                    // Decides if the writelog() function is called at login and logout
 102      var $writeAttemptLog = 1;                // If the writelog() functions is called if a login-attempt has be tried without success
 103  
 104      var $auth_include = '';                        // this is the name of the include-file containing the login form. If not set, login CAN be anonymous. If set login IS needed.
 105  
 106      var $auth_timeout_field = 6000;                // if > 0 : session-timeout in seconds. if false/<0 : no timeout. if string: The string is fieldname from the usertable where the timeout can be found.
 107      var $lifetime = 0;                          // 0 = Session-cookies. If session-cookies, the browser will stop session when the browser is closed. Else it keeps the session for $lifetime seconds.
 108      var $challengeStoredInCookie = TRUE;
 109  
 110  
 111          // User Config:
 112      var $uc;
 113  
 114          // User Config Default values:
 115          // The array may contain other fields for configuration. For this, see "setup" extension and "TSConfig" document (User TSconfig, "setup.[xxx]....")
 116          /*
 117              Reserved keys for other storage of session data:
 118              moduleData
 119              moduleSessionID
 120          */
 121      var $uc_default = Array (
 122          'interfaceSetup' => '',    // serialized content that is used to store interface pane and menu positions. Set by the logout.php-script
 123          'moduleData' => Array(),    // user-data for the modules
 124          'thumbnailsByDefault' => 0,
 125          'emailMeAtLogin' => 0,
 126          'condensedMode' => 0,
 127          'noMenuMode' => 0,
 128          'startInTaskCenter' => 0,
 129          'hideSubmoduleIcons' => 0,
 130          'helpText' => 1,
 131          'titleLen' => 30,
 132          'edit_wideDocument' => '0',
 133          'edit_showFieldHelp' => 'icon',
 134          'edit_RTE' => '1',
 135          'edit_docModuleUpload' => '1',
 136          'disableCMlayers' => 0,
 137          'navFrameWidth' => '',    // Default is 245 pixels
 138          'navFrameResizable' => 0,
 139      );
 140  
 141  
 142      /**
 143       * If flag is set and the extensions 'beuser_tracking' is loaded, this will insert a table row with the REQUEST_URI of current script - thus tracking the scripts the backend users uses...
 144       * This function works ONLY with the "beuser_tracking" extension and is deprecated since it does nothing useful.
 145       *
 146       * @param    boolean        Activate insertion of the URL.
 147       * @return    void
 148       * @access private
 149       */
 150  	function trackBeUser($flag)    {
 151          if ($flag && t3lib_extMgm::isLoaded('beuser_tracking'))    {
 152              $insertFields = array(
 153                  'userid' => intval($this->user['uid']),
 154                  'tstamp' => time(),
 155                  'script' => t3lib_div::getIndpEnv('REQUEST_URI')
 156              );
 157  
 158              $GLOBALS['TYPO3_DB']->exec_INSERTquery('sys_trackbeuser', $insertFields);
 159          }
 160      }
 161  
 162      /**
 163       * If TYPO3_CONF_VARS['BE']['enabledBeUserIPLock'] is enabled and an IP-list is found in the User TSconfig objString "options.lockToIP", then make an IP comparison with REMOTE_ADDR and return the outcome (true/false)
 164       *
 165       * @return    boolean        True, if IP address validates OK (or no check is done at all)
 166       * @access private
 167       */
 168  	function checkLockToIP()    {
 169          global $TYPO3_CONF_VARS;
 170          $out = 1;
 171          if ($TYPO3_CONF_VARS['BE']['enabledBeUserIPLock'])    {
 172              $IPList = $this->getTSConfigVal('options.lockToIP');
 173              if (trim($IPList))    {
 174                  $baseIP = t3lib_div::getIndpEnv('REMOTE_ADDR');
 175                  $out = t3lib_div::cmpIP($baseIP, $IPList);
 176              }
 177          }
 178          return $out;
 179      }
 180  
 181      /**
 182       * Check if user is logged in and if so, call ->fetchGroupData() to load group information and access lists of all kind, further check IP, set the ->uc array and send login-notification email if required.
 183       * If no user is logged in the default behaviour is to exit with an error message, but this will happen ONLY if the constant TYPO3_PROCEED_IF_NO_USER is set true.
 184       * This function is called right after ->start() in fx. init.php
 185       *
 186       * @return    void
 187       */
 188  	function backendCheckLogin()    {
 189          if (!$this->user['uid'])    {
 190              if (!defined('TYPO3_PROCEED_IF_NO_USER') || !TYPO3_PROCEED_IF_NO_USER)    {
 191                  t3lib_BEfunc::typo3PrintError ('Login-error or session timed-out', 'No user logged in! Sorry, I can\'t proceed then!<br /><br />(You must have cookies enabled!)<br /><br />If your session has just timed-out, you may<br /><a href="'.t3lib_div::locationHeaderUrl(t3lib_div::getIndpEnv('TYPO3_SITE_URL').TYPO3_mainDir.'index.php'.'" target="_top">click here to re-login</a>.',0));
 192                  exit;
 193              }
 194          } else {    // ...and if that's the case, call these functions
 195              $this->fetchGroupData();    //    The groups are fetched and ready for permission checking in this initialization.    Tables.php must be read before this because stuff like the modules has impact in this
 196              if ($this->checkLockToIP())    {
 197                  if (!$GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'] || $this->isAdmin())    {
 198                      $this->backendSetUC();        // Setting the UC array. It's needed with fetchGroupData first, due to default/overriding of values.
 199                      $this->emailAtLogin();        // email at login - if option set.
 200                  } else {
 201                      t3lib_BEfunc::typo3PrintError ('Login-error','TYPO3 is in maintenance mode at the moment. Only administrators are allowed access.',0);
 202                      exit;
 203                  }
 204              } else {
 205                  t3lib_BEfunc::typo3PrintError ('Login-error','IP locking prevented you from being authorized. Can\'t proceed, sorry.',0);
 206                  exit;
 207              }
 208          }
 209      }
 210  
 211      /**
 212       * If the backend script is in CLI mode, it will try to load a backend user named by the CLI module name (in lowercase)
 213       *
 214       * @return    boolean        Returns true if a CLI user was loaded, otherwise false!
 215       */
 216  	function checkCLIuser()    {
 217              // First, check if cliMode is enabled:
 218          if (defined('TYPO3_cliMode') && TYPO3_cliMode)    {
 219              if (!$this->user['uid'])    {
 220                  if (substr($GLOBALS['MCONF']['name'],0,5)=='_CLI_')    {
 221                      $userName = strtolower($GLOBALS['MCONF']['name']);
 222                      $this->setBeUserByName($userName);
 223                      if ($this->user['uid'])    {
 224                          if (!$this->isAdmin())    {
 225                              return TRUE;
 226                          } else die('ERROR: CLI backend user "'.$userName.'" was ADMIN which is not allowed!'.chr(10).chr(10));
 227                      } else die('ERROR: No backend user named "'.$userName.'" was found! [Database: '.TYPO3_db.']'.chr(10).chr(10));
 228                  } else die('ERROR: Module name, "'.$GLOBALS['MCONF']['name'].'", was not prefixed with "_CLI_"'.chr(10).chr(10));
 229              } else die('ERROR: Another user was already loaded which is impossible in CLI mode!'.chr(10).chr(10));
 230          }
 231      }
 232  
 233      /**
 234       * Initialize the internal ->uc array for the backend user
 235       * Will make the overrides if necessary, and write the UC back to the be_users record if changes has happend
 236       *
 237       * @return    void
 238       * @internal
 239       */
 240  	function backendSetUC()    {
 241          global $TYPO3_CONF_VARS;
 242  
 243              // UC - user configuration is a serialized array inside the userobject
 244          $temp_theSavedUC=unserialize($this->user['uc']);        // if there is a saved uc we implement that instead of the default one.
 245          if (is_array($temp_theSavedUC))    {
 246              $this->unpack_uc($temp_theSavedUC);
 247          }
 248              // Setting defaults if uc is empty
 249          if (!is_array($this->uc))    {
 250              $this->uc = array_merge($this->uc_default, (array)$TYPO3_CONF_VARS['BE']['defaultUC'], (array)$this->getTSConfigProp('setup.default'));    // Candidate for t3lib_div::array_merge() if integer-keys will some day make trouble...
 251              $this->overrideUC();
 252              $U=1;
 253          }
 254              // If TSconfig is updated, update the defaultUC.
 255          if ($this->userTSUpdated)    {
 256              $this->overrideUC();
 257              $U=1;
 258          }
 259              // Setting default lang from be_user record.
 260          if (!isset($this->uc['lang']))    {
 261              $this->uc['lang']=$this->user['lang'];
 262              $U=1;
 263          }
 264  
 265              // Saving if updated.
 266          if ($U)    {
 267              $this->writeUC();    // Method from the t3lib_userauth class.
 268          }
 269      }
 270  
 271      /**
 272       * Override: Call this function every time the uc is updated.
 273       * That is 1) by reverting to default values, 2) in the setup-module, 3) userTS changes (userauthgroup)
 274       *
 275       * @return    void
 276       * @internal
 277       */
 278  	function overrideUC()    {
 279          $this->uc = array_merge((array)$this->uc, (array)$this->getTSConfigProp('setup.override'));    // Candidate for t3lib_div::array_merge() if integer-keys will some day make trouble...
 280      }
 281  
 282      /**
 283       * Clears the user[uc] and ->uc to blank strings. Then calls ->backendSetUC() to fill it again with reset contents
 284       *
 285       * @return    void
 286       * @internal
 287       */
 288  	function resetUC()    {
 289          $this->user['uc']='';
 290          $this->uc='';
 291          $this->backendSetUC();
 292      }
 293  
 294      /**
 295       * Will send an email notification to warning_email_address/the login users email address when a login session is just started.
 296       * Depends on various parameters whether mails are send and to whom.
 297       *
 298       * @return    void
 299       * @access private
 300       */
 301  	function emailAtLogin()    {
 302          if ($this->loginSessionStarted)    {
 303                  // Send notify-mail
 304              $subject = 'At "'.$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'].'"'.
 305                          ' from '.t3lib_div::getIndpEnv('REMOTE_ADDR').
 306                          (t3lib_div::getIndpEnv('REMOTE_HOST') ? ' ('.t3lib_div::getIndpEnv('REMOTE_HOST').')' : '');
 307              $msg = sprintf ('User "%s" logged in from %s (%s) at "%s" (%s)',
 308                  $this->user['username'],
 309                  t3lib_div::getIndpEnv('REMOTE_ADDR'),
 310                  t3lib_div::getIndpEnv('REMOTE_HOST'),
 311                  $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'],
 312                  t3lib_div::getIndpEnv('HTTP_HOST')
 313              );
 314  
 315                  // Warning email address
 316              if ($GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr'])    {
 317                  $warn=0;
 318                  $prefix='';
 319                  if (intval($GLOBALS['TYPO3_CONF_VARS']['BE']['warning_mode']) & 1)    {    // first bit: All logins
 320                      $warn=1;
 321                      $prefix= $this->isAdmin() ? '[AdminLoginWarning]' : '[LoginWarning]';
 322                  }
 323                  if ($this->isAdmin() && (intval($GLOBALS['TYPO3_CONF_VARS']['BE']['warning_mode']) & 2))    {    // second bit: Only admin-logins
 324                      $warn=1;
 325                      $prefix='[AdminLoginWarning]';
 326                  }
 327                  if ($warn)    {
 328                      mail($GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr'],
 329                          $prefix.' '.$subject,
 330                          $msg,
 331                          $this->notifyHeader
 332                      );
 333                  }
 334              }
 335  
 336                  // If An email should be sent to the current user, do that:
 337              if ($this->uc['emailMeAtLogin'] && strstr($this->user['email'],'@'))    {
 338                  mail($this->user['email'],
 339                      $subject,
 340                      $msg,
 341                      $this->notifyHeader
 342                  );
 343              }
 344          }
 345      }
 346  
 347      /**
 348       * VeriCode returns 10 first chars of a md5 hash of the session cookie AND the encryptionKey from TYPO3_CONF_VARS.
 349       * This code is used as an alternative verification when the JavaScript interface executes cmd's to tce_db.php from eg. MSIE 5.0 because the proper referer is not passed with this browser...
 350       *
 351       * @return    string
 352       */
 353  	function veriCode()    {
 354          return substr(md5($this->id.$GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']),0,10);
 355      }
 356  }
 357  
 358  
 359  
 360  
 361  if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_beuserauth.php'])    {
 362      include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_beuserauth.php']);
 363  }
 364  ?>

