[TASK] Fix spelling and streamline @deprecated notations
[Packages/TYPO3.CMS.git] / typo3 / sysext / backend / Classes / FrontendBackendUserAuthentication.php
1 <?php
2 namespace TYPO3\CMS\Backend;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
18 use TYPO3\CMS\Core\Compatibility\PublicPropertyDeprecationTrait;
19 use TYPO3\CMS\Core\Database\ConnectionPool;
20 use TYPO3\CMS\Core\Database\Query\QueryBuilder;
21 use TYPO3\CMS\Core\Database\Query\QueryHelper;
22 use TYPO3\CMS\Core\Database\Query\Restriction\DeletedRestriction;
23 use TYPO3\CMS\Core\Localization\LanguageService;
24 use TYPO3\CMS\Core\Type\Bitmask\Permission;
25 use TYPO3\CMS\Core\Utility\GeneralUtility;
26
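/**
 * TYPO3 backend user authentication in the TSFE frontend.
 *
 * Mainly holds functions related to the Admin Panel (most of them deprecated, see the
 * individual members), plus the backend access and page permission checks that are
 * evaluated while a frontend request is handled.
 */
class FrontendBackendUserAuthentication extends BackendUserAuthentication
{
    use PublicPropertyDeprecationTrait;

    /**
     * Properties which have been moved to protected status from public
     *
     * Maps each property name to the deprecation message for that property.
     *
     * @var array
     */
    protected $deprecatedPublicProperties = [
        'extAdmEnabled' => 'Using $extAdmEnabled of class FrontendBackendUserAuthentication from the outside is discouraged, as this variable is only used for internal storage.',
        'adminPanel' => 'Using $adminPanel of class FrontendBackendUserAuthentication from the outside is discouraged, as this variable is only used for internal storage.',
        'extAdminConfig' => 'Using $extAdminConfig of class FrontendBackendUserAuthentication from the outside is discouraged, as this variable is only used for internal storage.',
    ];

    /**
     * Form field with login name.
     *
     * Empty in this class, like $formfield_status below.
     *
     * @var string
     */
    public $formfield_uname = '';

    /**
     * Form field with password.
     *
     * Empty in this class, like $formfield_status below.
     *
     * @var string
     */
    public $formfield_uident = '';

    /**
     * Must stay "". $this->formfield_status is set to empty in order to disable
     * login attempts to the backend account through this script.
     *
     * @var string
     */
    public $formfield_status = '';

    /**
     * Decides if the writelog() function is called at login and logout.
     *
     * NOTE(review): with this flag and $writeAttemptLog both false, logins, logouts and
     * failed attempts handled by this class are presumably not recorded through
     * writelog() - confirm that the regular backend login path covers auditing.
     *
     * @var bool
     */
    public $writeStdLog = false;

    /**
     * Decides if the writelog() function is called when a login attempt was made without success.
     *
     * @var bool
     */
    public $writeAttemptLog = false;

    /**
     * General flag which is set if the adminpanel is enabled at all.
     *
     * @var bool
     * @deprecated since TYPO3 v9, property will be removed in TYPO3 v10 - see extension "adminpanel" for new API
     */
    public $extAdmEnabled = false;

    /**
     * Instance of admin panel. Nothing in this class assigns it any more, so it is null
     * unless set from the outside.
     *
     * @var \TYPO3\CMS\Adminpanel\View\AdminPanelView
     * @deprecated since TYPO3 v9, property will be removed in TYPO3 v10 - see extension "adminpanel" for new API
     */
    public $adminPanel;

    /**
     * @var \TYPO3\CMS\Core\FrontendEditing\FrontendEditingController
     */
    public $frontendEdit;

    /**
     * @var array
     * @deprecated since TYPO3 v9, property will be removed in TYPO3 v10 - see extension "adminpanel" for new API
     */
    public $extAdminConfig = [];

    /**
     * Initializes the admin panel.
     *
     * Only raises the deprecation notice; no initialization happens here.
     *
     * @deprecated since TYPO3 v9 - rewritten as middleware
     */
    public function initializeAdminPanel()
    {
        trigger_error('Method will be removed in TYPO3 v10 - initialization is done via middleware.', E_USER_DEPRECATED);
    }

    /**
     * Initializes frontend editing.
     *
     * Only raises the deprecation notice; no initialization happens here.
     *
     * @deprecated since TYPO3 v9 - rewritten as middleware
     */
    public function initializeFrontendEdit()
    {
        trigger_error('Method will be removed in TYPO3 v10 - initialization is done via middleware.', E_USER_DEPRECATED);
    }

    /**
     * Determines whether frontend editing is currently active.
     *
     * Active means: the admin panel flag is set and either the "edit" admin module is
     * enabled or one of the two TSFE edit icon switches equals 1.
     *
     * @deprecated since TYPO3 v9 - see ext "feedit" for API
     * @return bool Whether frontend editing is active
     */
    public function isFrontendEditingActive()
    {
        trigger_error('Method will be removed in TYPO3 v10 - use underlying TSFE directly.', E_USER_DEPRECATED);
        if (!$this->extAdmEnabled) {
            return false;
        }
        // $adminPanel is not assigned anywhere in this class (initializeAdminPanel() is a
        // no-op), so guard the call instead of failing with "member function on null".
        $editModuleEnabled = $this->adminPanel !== null && $this->adminPanel->isAdminModuleEnabled('edit');
        return $editModuleEnabled
            || (int)$GLOBALS['TSFE']->displayEditIcons === 1
            || (int)$GLOBALS['TSFE']->displayFieldEditIcons === 1;
    }

    /**
     * Delegates to the appropriate view and renders the admin panel content.
     *
     * @deprecated since TYPO3 v9 - see ext "adminpanel" for new API
     * @return string Rendered admin panel, or an empty string if no admin panel instance is set
     */
    public function displayAdminPanel()
    {
        trigger_error('Method will be removed in TYPO3 v10 - use MainController of adminpanel extension.', E_USER_DEPRECATED);
        // Without an instance there is nothing to render; returning '' keeps the
        // documented string return type instead of raising a fatal error.
        if ($this->adminPanel === null) {
            return '';
        }
        return $this->adminPanel->display();
    }

    /**
     * Determines whether the admin panel is enabled and visible.
     *
     * @deprecated since TYPO3 v9 - see ext "adminpanel" for new API
     * @return bool true if the admin panel is enabled and visible
     */
    public function isAdminPanelVisible()
    {
        trigger_error('Method will be removed in TYPO3 v10 - use new adminpanel API instead.', E_USER_DEPRECATED);
        // empty() gives the same truthiness as the plain reads, but does not raise a
        // notice when 'hide' or 'admPanel' is not configured ($extAdminConfig defaults to []).
        return $this->extAdmEnabled
            && empty($this->extAdminConfig['hide'])
            && !empty($GLOBALS['TSFE']->config['config']['admPanel']);
    }

    /*****************************************************
     *
     * TSFE BE user Access Functions
     *
     ****************************************************/
    /**
     * Implementing the access checks that the TYPO3 CMS bootstrap script does before a user is ever logged in.
     * Used in the frontend.
     *
     * Every check must pass; the first failing one denies access. A caller that skips
     * this method skips the BE lock, the IP restrictions and the SSL requirement.
     *
     * @return bool Returns TRUE if access is OK
     */
    public function checkBackendAccessSettingsFromInitPhp()
    {
        // Check Hardcoded lock on BE: a negative adminOnly value denies everyone
        if ($GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'] < 0) {
            return false;
        }
        // Check IP against the global mask list, only if one is configured.
        // NOTE(review): the address comes from GeneralUtility::getIndpEnv('REMOTE_ADDR');
        // if that value is derived from proxy headers in this installation, the check is
        // only as trustworthy as the reverse proxy configuration - confirm.
        $ipMaskListIsConfigured = trim($GLOBALS['TYPO3_CONF_VARS']['BE']['IPmaskList']);
        if ($ipMaskListIsConfigured
            && !GeneralUtility::cmpIP(GeneralUtility::getIndpEnv('REMOTE_ADDR'), $GLOBALS['TYPO3_CONF_VARS']['BE']['IPmaskList'])
        ) {
            return false;
        }
        // Check IP mask based on TSconfig
        if (!$this->checkLockToIP()) {
            return false;
        }
        // Check SSL (https): with lockSSL set, a non-SSL request is denied
        if ((bool)$GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSL'] && !GeneralUtility::getIndpEnv('TYPO3_SSL')) {
            return false;
        }
        // Finally a check as in BackendUserAuthentication::backendCheckLogin()
        return $this->isUserAllowedToLogin();
    }

    /**
     * Evaluates if the Backend User has read access to the input page record.
     * The evaluation is based on both read-permission and whether the page is found in one of the users webmounts.
     * Only if both conditions match, will the function return TRUE.
     *
     * Read access means that previewing is allowed etc.
     *
     * Used in \TYPO3\CMS\Frontend\Http\RequestHandler
     *
     * @param array $pageRec The page record to evaluate for; its 'uid' is used for the webmount check
     * @return bool TRUE if read access
     */
    public function extPageReadAccess($pageRec)
    {
        return $this->isInWebMount($pageRec['uid']) && $this->doesUserHaveAccess($pageRec, Permission::PAGE_SHOW);
    }

    /*****************************************************
     *
     * TSFE BE user page tree functions
     *
     ****************************************************/
    /**
     * Generates a list of Page-uid's from $id. List does not include $id itself
     * The only pages excluded from the list are deleted pages.
     *
     * $perms_clause is placed into the WHERE part as raw SQL: only a leading logical
     * operator is stripped, nothing is quoted or bound. It must therefore be built by
     * trusted code and must never contain request data.
     *
     * The default of $begin has no effect for callers, because the required parameter
     * $perms_clause follows it; all four arguments have to be passed.
     *
     * @param int $id Start page id
     * @param int $depth Depth to traverse down the page tree.
     * @param int $begin Is an optional integer that determines at which level in the tree to start collecting uid's. Zero means 'start right away', 1 = 'next level and out'
     * @param string $perms_clause Perms clause (trusted SQL fragment, see above)
     * @return string Returns the list with a comma in the end (if any pages selected!)
     */
    public function extGetTreeList($id, $depth, $begin = 0, $perms_clause)
    {
        /** @var QueryBuilder $queryBuilder */
        $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)
            ->getQueryBuilderForTable('pages');

        // Drop the default restrictions and only filter out deleted pages
        $queryBuilder->getRestrictions()
            ->removeAll()
            ->add(GeneralUtility::makeInstance(DeletedRestriction::class));

        $depth = (int)$depth;
        $begin = (int)$begin;
        $id = (int)$id;
        $theList = '';
        if ($id && $depth > 0) {
            $result = $queryBuilder
                ->select('uid', 'title')
                ->from('pages')
                ->where(
                    // The page id is bound as an integer parameter ...
                    $queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter($id, \PDO::PARAM_INT)),
                    // ... while the permission clause is passed through as SQL text
                    QueryHelper::stripLogicalOperatorPrefix($perms_clause)
                )
                ->execute();
            while ($row = $result->fetch()) {
                // Collect the uid only once the requested start level is reached
                if ($begin <= 0) {
                    $theList .= $row['uid'] . ',';
                }
                // Descend one level; the recursion ends when the depth is used up
                if ($depth > 1) {
                    $theList .= $this->extGetTreeList($row['uid'], $depth - 1, $begin - 1, $perms_clause);
                }
            }
        }
        return $theList;
    }

    /*****************************************************
     *
     * Localization handling
     *
     ****************************************************/
    /**
     * Returns the label for key. If a translation for the language set in $this->uc['lang']
     * is found that is returned, otherwise the default value.
     * If the global variable $LOCAL_LANG is NOT an array (yet) then this function loads
     * the global $LOCAL_LANG array with the content of "EXT:core/Resources/Private/Language/locallang_tsfe.xlf"
     * such that the values therein can be used for labels in the Admin Panel
     *
     * The label is returned through htmlspecialchars() with its default flags, so it is
     * already HTML-escaped; escaping it again double-encodes it. Before PHP 8.1 the
     * default flags leave single quotes unescaped, so do not place the result inside a
     * single-quoted attribute.
     *
     * @param string $key Key for a label in the $GLOBALS['LOCAL_LANG'] array of "EXT:core/Resources/Private/Language/locallang_tsfe.xlf"
     * @return string The HTML-escaped value for the $key
     */
    public function extGetLL($key)
    {
        if (!is_array($GLOBALS['LOCAL_LANG'])) {
            $this->getLanguageService()->includeLLFile('EXT:core/Resources/Private/Language/locallang_tsfe.xlf');
            // Still no array after loading the file: fall back to an empty label set
            if (!is_array($GLOBALS['LOCAL_LANG'])) {
                $GLOBALS['LOCAL_LANG'] = [];
            }
        }
        return htmlspecialchars($this->getLanguageService()->getLL($key));
    }

    /**
     * Returns the language service stored in $GLOBALS['LANG'].
     *
     * @return LanguageService
     */
    protected function getLanguageService()
    {
        return $GLOBALS['LANG'];
    }
}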