[TASK] CGL FunctionCallArgumentSpacingNoSpaceAfterComma in sysext
[Packages/TYPO3.CMS.git] / typo3 / sysext / sv / class.tx_sv_auth.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 2004-2011 René Fritz <r.fritz@colorcube.de>
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27 /**
28 * Service 'User authentication' for the 'sv' extension.
29 *
30 * @author René Fritz <r.fritz@colorcube.de>
31 */
32
33
34
35 /**
36 * Authentication services class
37 *
38 * @author René Fritz <r.fritz@colorcube.de>
39 * @package TYPO3
40 * @subpackage tx_sv
41 */
42 class tx_sv_auth extends tx_sv_authbase {
43
44 /**
45 * Process the submitted credentials.
46 * In this case hash the clear text password if it has been submitted.
47 *
48 * @param array $loginData Credentials that are submitted and potentially modified by other services
49 * @param string $passwordTransmissionStrategy Keyword of how the password has been hashed or encrypted before submission
50 * @return bool
51 */
52 public function processLoginData(array &$loginData, $passwordTransmissionStrategy) {
53 $isProcessed = TRUE;
54
55 // Processing data according to the state it was submitted in.
56 switch ($passwordTransmissionStrategy) {
57 case 'normal':
58 $loginData['uident_text'] = $loginData['uident'];
59 break;
60 case 'challenged':
61 $loginData['uident_text'] = '';
62 $loginData['uident_challenged'] = $loginData['uident'];
63 $loginData['uident_superchallenged'] = '';
64 break;
65 case 'superchallenged':
66 $loginData['uident_text'] = '';
67 $loginData['uident_challenged'] = '';
68 $loginData['uident_superchallenged'] = $loginData['uident'];
69 break;
70 default:
71 $isProcessed = FALSE;
72 }
73
74 if (!empty($loginData['uident_text'])) {
75 $loginData['uident_challenged'] = (string) md5($loginData['uname'] . ':' . $loginData['uident_text'] . ':' . $loginData['chalvalue']);
76 $loginData['uident_superchallenged'] = (string) md5($loginData['uname'] . ':' . (md5($loginData['uident_text'])) . ':' . $loginData['chalvalue']);
77
78 $this->processOriginalPasswordValue($loginData);
79
80 $isProcessed = TRUE;
81 }
82
83 return $isProcessed;
84 }
85
86 /**
87 * This method ensures backwards compatibility of the processed loginData
88 * with older TYPO3 versions.
89 * Starting with TYPO3 4.9 $loginData['uident'] will always contain the raw
90 * value of the submitted password field and will not be processed any further.
91 *
92 * @param array $loginData
93 * @deprecated will be removed with 4.9
94 */
95 protected function processOriginalPasswordValue(&$loginData) {
96 if ($this->authInfo['security_level'] === 'superchallenged') {
97 $loginData['uident'] = $loginData['uident_superchallenged'];
98 } elseif ($this->authInfo['security_level'] === 'challenged') {
99 $loginData['uident'] = $loginData['uident_challenged'];
100 }
101 }
102
103 /**
104 * Find a user (eg. look up the user record in database when a login is sent)
105 *
106 * @return mixed user array or FALSE
107 */
108 function getUser() {
109 $user = FALSE;
110
111 if ($this->login['status'] == 'login') {
112 if ($this->login['uident']) {
113
114 $user = $this->fetchUserRecord($this->login['uname']);
115
116 if(!is_array($user)) {
117 // Failed login attempt (no username found)
118 $this->writelog(255, 3, 3, 2,
119 'Login-attempt from %s (%s), username \'%s\' not found!!',
120 array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname'])
121 ); // Logout written to log
122 t3lib_div::sysLog(
123 sprintf(
124 'Login-attempt from %s (%s), username \'%s\' not found!',
125 $this->authInfo['REMOTE_ADDR'],
126 $this->authInfo['REMOTE_HOST'],
127 $this->login['uname']
128 ),
129 'Core',
130 0
131 );
132 } else {
133 if ($this->writeDevLog) {
134 t3lib_div::devLog(
135 'User found: ' . t3lib_div::arrayToLogString(
136 $user, array($this->db_user['userid_column'], $this->db_user['username_column'])
137 ),
138 'tx_sv_auth'
139 );
140 }
141 }
142 } else {
143 // Failed Login attempt (no password given)
144 $this->writelog(255, 3, 3, 2,
145 'Login-attempt from %s (%s) for username \'%s\' with an empty password!',
146 array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname'])
147 );
148 t3lib_div::sysLog(
149 sprintf(
150 'Login-attempt from %s (%s), for username \'%s\' with an empty password!',
151 $this->authInfo['REMOTE_ADDR'],
152 $this->authInfo['REMOTE_HOST'],
153 $this->login['uname']
154 ),
155 'Core',
156 0
157 );
158 }
159 }
160 return $user;
161 }
162
163 /**
164 * Authenticate a user (Check various conditions for the user that might invalidate its authentication, eg. password match, domain, IP, etc.)
165 *
166 * @param array Data of user.
167 * @return boolean
168 */
169 public function authUser(array $user) {
170 $OK = 100;
171
172 if ($this->login['uident'] && $this->login['uname']) {
173
174 // Checking password match for user:
175 $OK = $this->compareUident($user, $this->login);
176
177 if(!$OK) {
178 // Failed login attempt (wrong password) - write that to the log!
179 if ($this->writeAttemptLog) {
180 $this->writelog(255, 3, 3, 1, "Login-attempt from %s (%s), username '%s', password not accepted!", Array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']));
181 t3lib_div::sysLog(
182 sprintf( "Login-attempt from %s (%s), username '%s', password not accepted!", $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname'] ),
183 'Core',
184 0
185 );
186 }
187 if ($this->writeDevLog) t3lib_div::devLog('Password not accepted: '.$this->login['uident'], 'tx_sv_auth', 2);
188 }
189
190 // Checking the domain (lockToDomain)
191 if ($OK && $user['lockToDomain'] && $user['lockToDomain']!=$this->authInfo['HTTP_HOST']) {
192 // Lock domain didn't match, so error:
193 if ($this->writeAttemptLog) {
194 $this->writelog(255, 3, 3, 1, "Login-attempt from %s (%s), username '%s', locked domain '%s' did not match '%s'!", Array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $user[$this->db_user['username_column']], $user['lockToDomain'], $this->authInfo['HTTP_HOST']));
195 t3lib_div::sysLog(
196 sprintf( "Login-attempt from %s (%s), username '%s', locked domain '%s' did not match '%s'!", $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $user[$this->db_user['username_column']], $user['lockToDomain'], $this->authInfo['HTTP_HOST'] ),
197 'Core',
198 0
199 );
200 }
201 $OK = FALSE;
202 }
203 }
204
205 return $OK;
206 }
207
208 /**
209 * Find usergroup records, currently only for frontend
210 *
211 * @param array Data of user.
212 * @param array Group data array of already known groups. This is handy if you want select other related groups. Keys in this array are unique IDs of those groups.
213 * @return mixed Groups array, keys = uid which must be unique
214 */
215 function getGroups($user, $knownGroups) {
216 global $TYPO3_CONF_VARS;
217
218 $groupDataArr = array();
219
220 if($this->mode=='getGroupsFE') {
221
222 $groups = array();
223 if (is_array($user) && $user[$this->db_user['usergroup_column']]) {
224 $groupList = $user[$this->db_user['usergroup_column']];
225 $groups = array();
226 $this->getSubGroups($groupList, '', $groups);
227 }
228
229 // ADD group-numbers if the IPmask matches.
230 if (is_array($TYPO3_CONF_VARS['FE']['IPmaskMountGroups'])) {
231 foreach($TYPO3_CONF_VARS['FE']['IPmaskMountGroups'] as $IPel) {
232 if ($this->authInfo['REMOTE_ADDR'] && $IPel[0] && t3lib_div::cmpIP($this->authInfo['REMOTE_ADDR'], $IPel[0])) {$groups[]=intval($IPel[1]);}
233 }
234 }
235
236 $groups = array_unique($groups);
237
238 if (count($groups)) {
239 $list = implode(',', $groups);
240
241 if ($this->writeDevLog) t3lib_div::devLog('Get usergroups with id: '.$list, 'tx_sv_auth');
242
243 $lockToDomain_SQL = ' AND (lockToDomain=\'\' OR lockToDomain IS NULL OR lockToDomain=\''.$this->authInfo['HTTP_HOST'].'\')';
244 if (!$this->authInfo['showHiddenRecords']) $hiddenP = 'AND hidden=0 ';
245 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', $this->db_groups['table'], 'deleted=0 '.$hiddenP.' AND uid IN ('.$list.')'.$lockToDomain_SQL);
246 while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
247 $groupDataArr[$row['uid']] = $row;
248 }
249 if ($res) $GLOBALS['TYPO3_DB']->sql_free_result($res);
250
251 } else {
252 if ($this->writeDevLog) t3lib_div::devLog('No usergroups found.', 'tx_sv_auth', 2);
253 }
254 } elseif ($this->mode=='getGroupsBE') {
255
256 // Get the BE groups here
257 // still needs to be implemented in t3lib_userauthgroup
258 }
259
260 return $groupDataArr;
261 }
262
263 /**
264 * Fetches subgroups of groups. Function is called recursively for each subgroup.
265 * Function was previously copied from t3lib_userAuthGroup->fetchGroups and has been slightly modified.
266 *
267 * @param string Commalist of fe_groups uid numbers
268 * @param string List of already processed fe_groups-uids so the function will not fall into a eternal recursion.
269 * @return array
270 * @access private
271 */
272 function getSubGroups($grList, $idList='', &$groups) {
273
274 // Fetching records of the groups in $grList (which are not blocked by lockedToDomain either):
275 $lockToDomain_SQL = ' AND (lockToDomain=\'\' OR lockToDomain IS NULL OR lockToDomain=\''.$this->authInfo['HTTP_HOST'].'\')';
276 if (!$this->authInfo['showHiddenRecords']) $hiddenP = 'AND hidden=0 ';
277 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('uid,subgroup', 'fe_groups', 'deleted=0 '.$hiddenP.' AND uid IN ('.$grList.')'.$lockToDomain_SQL);
278
279 $groupRows = array(); // Internal group record storage
280
281 // The groups array is filled
282 while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
283 if(!in_array($row['uid'], $groups)) { $groups[] = $row['uid']; }
284 $groupRows[$row['uid']] = $row;
285 }
286
287 // Traversing records in the correct order
288 $include_staticArr = t3lib_div::intExplode(',', $grList);
289 foreach($include_staticArr as $uid) { // traversing list
290
291 // Get row:
292 $row=$groupRows[$uid];
293 if (is_array($row) && !t3lib_div::inList($idList, $uid)) { // Must be an array and $uid should not be in the idList, because then it is somewhere previously in the grouplist
294
295 // Include sub groups
296 if (trim($row['subgroup'])) {
297 // Make integer list
298 $theList = implode(',', t3lib_div::intExplode(',', $row['subgroup']));
299 $this->getSubGroups($theList, $idList.','.$uid, $groups); // Call recursively, pass along list of already processed groups so they are not recursed again.
300 }
301 }
302 }
303 }
304 }
305 ?>