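<?php
/***************************************************************
*  Copyright notice
*
*  (c) 2004-2011 René Fritz <r.fritz@colorcube.de>
*  All rights reserved
*
*  This script is part of the TYPO3 project. The TYPO3 project is
*  free software; you can redistribute it and/or modify
*  it under the terms of the GNU General Public License as published by
*  the Free Software Foundation; either version 2 of the License, or
*  (at your option) any later version.
*
*  The GNU General Public License can be found at
*  http://www.gnu.org/copyleft/gpl.html.
*  A copy is found in the textfile GPL.txt and important notices to the license
*  from the author is found in LICENSE.txt distributed with these scripts.
*
*
*  This script is distributed in the hope that it will be useful,
*  but WITHOUT ANY WARRANTY; without even the implied warranty of
*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*  GNU General Public License for more details.
*
*  This copyright notice MUST APPEAR in all copies of the script!
***************************************************************/
/**
 * Service 'User authentication' for the 'sv' extension.
 *
 * Defines class tx_sv_auth (extends tx_sv_authbase) with the methods
 * getUser(), authUser(), getGroups() and getSubGroups().
 *
 * @author	René Fritz <r.fritz@colorcube.de>
 */



/**
 * Authentication services class
 *
 * @author	René Fritz <r.fritz@colorcube.de>
 * @package TYPO3
 * @subpackage tx_sv
 */
class tx_sv_auth extends tx_sv_authbase {


	/**
	 * Find a user (eg. look up the user record in database when a login is sent)
	 *
	 * A lookup is only attempted when the login status is 'login' and an
	 * identification value (uident) was submitted. A failed lookup is always
	 * written to the system log, independent of $this->writeAttemptLog.
	 *
	 * @return	mixed		user array or false
	 */
	function getUser() {
		$user = false;

		if ($this->login['status']=='login' && $this->login['uident']) {

			$user = $this->fetchUserRecord($this->login['uname']);

			if (!is_array($user)) {
					// Failed login attempt (no username found).
					// NOTE(review): uname is presumably request-supplied and is written to
					// the logs verbatim; log consumers must treat it as untrusted text.
				$this->writelog(255,3,3,2,
					"Login-attempt from %s (%s), username '%s' not found!!",
					Array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']));
				t3lib_div::sysLog(
					sprintf("Login-attempt from %s (%s), username '%s' not found!", $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']),
					'Core',
					0
				);
			} else {
				if ($this->writeDevLog) t3lib_div::devLog('User found: '.t3lib_div::arrayToLogString($user, array($this->db_user['userid_column'],$this->db_user['username_column'])), 'tx_sv_auth');
			}
		}
		return $user;
	}

	/**
	 * Authenticate a user (Check various conditions for the user that might invalidate its authentication, eg. password match, domain, IP, etc.)
	 *
	 * The password and lockToDomain checks only run when both uident and uname
	 * were submitted; otherwise the initial value 100 is returned unchanged.
	 * NOTE(review): 100 is presumably read by the calling service chain as
	 * "not responsible, ask the next service" - confirm against the caller.
	 *
	 * @param	array		$user Data of user.
	 * @return	mixed		100 if no login data was submitted, otherwise the result of compareUident(), or false if the lockToDomain check failed
	 */
	function authUser($user) {
		$OK = 100;

		if ($this->login['uident'] && $this->login['uname']) {

				// Checking password match for user:
			$OK = $this->compareUident($user, $this->login);

			if (!$OK) {
					// Failed login attempt (wrong password) - write that to the log!
				if ($this->writeAttemptLog) {
					$this->writelog(255,3,3,1,
						"Login-attempt from %s (%s), username '%s', password not accepted!",
						Array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']));
					t3lib_div::sysLog(
						sprintf("Login-attempt from %s (%s), username '%s', password not accepted!", $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']),
						'Core',
						0
					);
				}
					// The submitted credential (uident) is deliberately NOT written to the
					// dev log: a rejected value is often a near-miss of the real password
					// (or a replayable response), and logs are readable by a wider audience.
				if ($this->writeDevLog) t3lib_div::devLog('Password not accepted for username: '.$this->login['uname'], 'tx_sv_auth', 2);
			}

				// Checking the domain (lockToDomain)
			if ($OK && $user['lockToDomain'] && $user['lockToDomain']!=$this->authInfo['HTTP_HOST']) {
					// Lock domain didn't match, so error:
				if ($this->writeAttemptLog) {
					$this->writelog(255,3,3,1,
						"Login-attempt from %s (%s), username '%s', locked domain '%s' did not match '%s'!",
						Array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $user[$this->db_user['username_column']], $user['lockToDomain'], $this->authInfo['HTTP_HOST']));
					t3lib_div::sysLog(
						sprintf("Login-attempt from %s (%s), username '%s', locked domain '%s' did not match '%s'!", $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $user[$this->db_user['username_column']], $user['lockToDomain'], $this->authInfo['HTTP_HOST']),
						'Core',
						0
					);
				}
				$OK = false;
			}
		}

		return $OK;
	}

	/**
	 * Find usergroup records, currently only for frontend
	 *
	 * Only mode 'getGroupsFE' returns data; the 'getGroupsBE' branch is empty.
	 *
	 * @param	array		$user Data of user.
	 * @param	array		$knownGroups Group data array of already known groups. This is handy if you want select other related groups. Keys in this array are unique IDs of those groups. (Not read by this implementation.)
	 * @return	mixed		Groups array, keys = uid which must be unique
	 */
	function getGroups($user, $knownGroups) {
		global $TYPO3_CONF_VARS;

		$groupDataArr = array();

		if ($this->mode=='getGroupsFE') {

			$groups = array();
			if (is_array($user) && $user[$this->db_user['usergroup_column']]) {
				$groupList = $user[$this->db_user['usergroup_column']];
				$this->getSubGroups($groupList,'',$groups);
			}

				// ADD group-numbers if the IPmask matches.
			if (is_array($TYPO3_CONF_VARS['FE']['IPmaskMountGroups'])) {
				foreach ($TYPO3_CONF_VARS['FE']['IPmaskMountGroups'] as $IPel) {
					if ($this->authInfo['REMOTE_ADDR'] && $IPel[0] && t3lib_div::cmpIP($this->authInfo['REMOTE_ADDR'],$IPel[0])) {
						$groups[] = intval($IPel[1]);
					}
				}
			}

				// Force every id to an integer before it is placed into the IN (...) list below.
			$groups = array_unique(array_map('intval', $groups));

			if (count($groups)) {
				$list = implode(',',$groups);

				if ($this->writeDevLog) t3lib_div::devLog('Get usergroups with id: '.$list, 'tx_sv_auth');

					// HTTP_HOST is presumably taken from the request's Host header, so it is
					// quoted/escaped by the DB layer instead of being concatenated raw.
				$lockToDomain_SQL = ' AND (lockToDomain=\'\' OR lockToDomain IS NULL OR lockToDomain='.$GLOBALS['TYPO3_DB']->fullQuoteStr($this->authInfo['HTTP_HOST'], $this->db_groups['table']).')';
					// Initialised so the WHERE clause is well-defined when hidden records are shown.
				$hiddenP = '';
				if (!$this->authInfo['showHiddenRecords']) $hiddenP = 'AND hidden=0 ';
				$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', $this->db_groups['table'], 'deleted=0 '.$hiddenP.' AND uid IN ('.$list.')'.$lockToDomain_SQL);
				if ($res) {
					while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
						$groupDataArr[$row['uid']] = $row;
					}
					$GLOBALS['TYPO3_DB']->sql_free_result($res);
				}

			} else {
				if ($this->writeDevLog) t3lib_div::devLog('No usergroups found.', 'tx_sv_auth', 2);
			}
		} elseif ($this->mode=='getGroupsBE') {

			# Get the BE groups here
			# still needs to be implemented in t3lib_userauthgroup
		}

		return $groupDataArr;
	}

	/**
	 * Fetches subgroups of groups. Function is called recursively for each subgroup.
	 * Function was previously copied from t3lib_userAuthGroup->fetchGroups and has been slightly modified.
	 *
	 * The result is delivered through $groups (by reference); nothing is returned.
	 *
	 * @param	string		$grList Commalist of fe_groups uid numbers
	 * @param	string		$idList List of already processed fe_groups-uids so the function will not fall into a eternal recursion.
	 * @param	array		$groups Collected group uids, extended in place
	 * @return	void
	 * @access private
	 */
	function getSubGroups($grList, $idList='', &$groups) {

			// The first call receives the raw usergroup column of the user record, so the
			// list is reduced to integers before it is placed into the IN (...) clause.
		$grList = implode(',', t3lib_div::intExplode(',', $grList));

			// Fetching records of the groups in $grList (which are not blocked by lockedToDomain either).
			// HTTP_HOST is quoted/escaped by the DB layer instead of being concatenated raw.
		$lockToDomain_SQL = ' AND (lockToDomain=\'\' OR lockToDomain IS NULL OR lockToDomain='.$GLOBALS['TYPO3_DB']->fullQuoteStr($this->authInfo['HTTP_HOST'], 'fe_groups').')';
		$hiddenP = '';
		if (!$this->authInfo['showHiddenRecords']) $hiddenP = 'AND hidden=0 ';
		$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('uid,subgroup', 'fe_groups', 'deleted=0 '.$hiddenP.' AND uid IN ('.$grList.')'.$lockToDomain_SQL);

		$groupRows = array();	// Internal group record storage

			// The groups array is filled
		if ($res) {
			while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
				if (!in_array($row['uid'], $groups)) { $groups[] = $row['uid']; }
				$groupRows[$row['uid']] = $row;
			}
				// Release the result before recursing, as getGroups() does for its own query.
			$GLOBALS['TYPO3_DB']->sql_free_result($res);
		}

			// Traversing records in the correct order
		$include_staticArr = t3lib_div::intExplode(',', $grList);
		foreach ($include_staticArr as $uid) {

				// Get row (absent when the group was filtered out by the query above):
			$row = isset($groupRows[$uid]) ? $groupRows[$uid] : NULL;
				// Must be an array and $uid should not be in the idList, because then it is somewhere previously in the grouplist
			if (is_array($row) && !t3lib_div::inList($idList,$uid)) {

					// Include sub groups
				if (trim($row['subgroup'])) {
					$theList = implode(',',t3lib_div::intExplode(',',$row['subgroup']));	// Make integer list
						// Call recursively, pass along list of already processed groups so they are not recursed again.
					$this->getSubGroups($theList, $idList.','.$uid, $groups);
				}
			}
		}
	}
}



	// XCLASS hook: includes an extension file whose path is read from TYPO3_CONF_VARS.
	// The path comes from installation configuration, not from request data.
if (defined('TYPO3_MODE') && isset($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['ext/sv/class.tx_sv_auth.php'])) {
	include_once($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['ext/sv/class.tx_sv_auth.php']);
}
?>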