*** empty log message ***
[Packages/TYPO3.CMS.git] / t3lib / class.t3lib_userauth.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 1999-2004 Kasper Skaarhoj (kasper@typo3.com)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27 /**
28 * Contains a base class for authentication of users in TYPO3, both frontend and backend.
29 *
30 * $Id$
31 * Revised for TYPO3 3.6 July/2003 by Kasper Skaarhoj
32 *
33 * @author Kasper Skaarhoj <kasper@typo3.com>
34 */
35 /**
36 * [CLASS/FUNCTION INDEX of SCRIPT]
37 *
38 *
39 *
40 * 86: class t3lib_userAuth
41 * 155: function start()
42 * 255: function check_authentication()
43 * 406: function redirect()
44 * 419: function logoff()
45 * 434: function gc()
46 * 448: function user_where_clause()
47 * 462: function ipLockClause()
48 * 478: function writeUC($variable='')
49 * 501: function writelog($type,$action,$error,$details_nr,$details,$data,$tablename,$recuid,$recpid)
50 * 510: function checkLogFailures()
51 * 519: function unpack_uc($theUC='')
52 * 535: function pushModuleData($module,$data,$noSave=0)
53 * 548: function getModuleData($module,$type='')
54 * 561: function getSessionData($key)
55 * 574: function setAndSaveSessionData($key,$data)
56 * 593: function setBeUserByUid($uid)
57 * 606: function setBeUserByName($name)
58 *
59 * TOTAL FUNCTIONS: 17
60 * (This index is automatically created/updated by the extension "extdeveval")
61 *
62 */
74 /**
75 * Authentication of users in TYPO3
76 *
77 * This class is used to authenticate a login user.
78 * The class is used by both the frontend and backend. In both cases this class is a parent class to beuserauth and feuserauth
79 *
80 * See Inside TYPO3 for more information about the API of the class and internal variables.
81 *
82 * @author Kasper Skaarhoj <kasper@typo3.com>
83 * @package TYPO3
84 * @subpackage t3lib
85 */
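class t3lib_userAuth {
	var $global_database = '';		// Which global database to connect to
	var $session_table = '';		// Table to use for session data.
	var $name = '';					// Session/Cookie name
	var $get_name = '';				// Session/GET-var name

	var $user_table = '';			// Table in database with userdata
	var $username_column = '';		// Column for login-name
	var $userident_column = '';		// Column for password
	var $userid_column = '';		// Column for user-id
	var $lastLogin_column = '';		// Column that receives the time of the last successful login. Not written if empty.

	var $enablecolumns = array(
		'rootLevel' => '',			// Boolean: If true, 'AND pid=0' will be a part of the query...
		'disabled' => '',
		'starttime' => '',
		'endtime' => '',
		'deleted' => ''
	);

	var $formfield_uname = '';		// formfield with login-name
	var $formfield_uident = '';		// formfield with password
	var $formfield_chalvalue = '';	// formfield with a unique value which is used to encrypt the password and username
	var $formfield_status = '';		// formfield with status: *'login', 'logout'. If empty login is not verified.
	var $security_level = '';		// sets the level of security. *'normal' = clear-text. 'challenged' = hashed password/username from form in $formfield_uident. 'superchallenged' = hashed password hashed again with username. check_authentication() handles 'challenged' and 'superchallenged' in the same branch; every other value compares the submitted value directly with the stored column.

	var $auth_include = '';			// this is the name of the include-file containing the login form. If not set, login CAN be anonymous. If set login IS needed.

	var $auth_timeout_field = 0;	// if > 0 : session-timeout in seconds. if false/<0 : no timeout. if string: The string is fieldname from the usertable where the timeout can be found.
	var $lifetime = 0;				// 0 = Session-cookies. If session-cookies, the browser will stop session when the browser is closed. Else it keeps the session for $lifetime seconds.
	var $gc_time = 24;				// GarbageCollection. Purge all session data older than $gc_time hours.
	var $gc_probability = 1;		// Possibility (in percent) for GarbageCollection to be run. 0 disables it.
	var $writeStdLog = 0;			// Decides if the writelog() function is called at login and logout
	var $writeAttemptLog = 0;		// Decides if the writelog() function is called when a login attempt has failed
	var $sendNoCacheHeaders = 1;	// If this is set, headers are sent to assure that caching is NOT done
	var $getFallBack = 0;			// If this is set, authentication is also accepted by the HTTP_GET_VARS. Notice that the identification is NOT 128bit MD5 hash but reduced. This is done in order to minimize the size for mobile-devices, such as WAP-phones
	var $hash_length = 32;			// The ident-hash is normally 32 characters and should be! But if you are making sites for WAP-devices or other lowbandwidth stuff, you may shorten the length. Never let this value drop below 6. A length of 6 would give you more than 16 mio possibilities. Every character removed makes a session id easier to guess; start() clamps the value to the range 6-32.
	var $getMethodEnabled = 0;		// Setting this flag true lets user-authentication happen from GET_VARS if POST_VARS are not set. Thus you may supply username/password from the URL. Credentials carried in a URL can end up in logs, browser history and Referer headers, and check_authentication() skips its referer check while this flag is set.
	var $lockIP = 1;				// If set, will lock the session to the users IP address.

	var $warningEmail = '';			// warning -emailaddress:
	var $warningPeriod = 3600;		// Period back in time (in seconds) in which number of failed logins are collected
	var $warningMax = 3;			// The maximum accepted number of warnings before an email is sent
	var $checkPid = 1;				// If set, the user-record must have $checkPid_value as pid
	var $checkPid_value = 0;		// The pid, the user-record must have as page-id

		// Internals
	var $id;						// Internal: Will contain session_id (MD5-hash)
	var $cookieId;					// Internal: Will contain the session_id gotten from cookie or GET method. This is used in statistics as a reliable cookie (one which is known to come from HTTP_COOKIE_VARS).
	var $loginSessionStarted = 0;	// Will be set to 1 if the login session is actually written during auth-check.

	var $user;						// Internal: Will contain user- AND session-data from database (joined tables)
	var $uc;						// Internal: User configuration array. Loaded by unpack_uc(), changed by pushModuleData(), stored by writeUC().
	var $get_URL_ID = '';			// Internal: Will be set to the url-ready (eg. '&login=ab7ef8d...') GET-auth-var if getFallBack is true. Should be inserted in links!

	var $forceSetCookie = 0;		// Will force the session cookie to be set every time (lifetime must be 0)
	var $dontSetCookie = 0;			// Will prevent the setting of the session cookie (takes precedence over forceSetCookie).


	/**
	 * Starts a user session
	 * Typical configurations will:
	 * a) check if session cookie was set and if not, set one,
	 * b) check if a password/username was sent and if so, try to authenticate the user
	 * c) Lookup a session attached to a user and check timeout etc.
	 * d) Garbage collection, setting of no-cache headers.
	 * If a user is authenticated the database record of the user (array) will be set in the ->user internal variable.
	 *
	 * Security notes:
	 * - A session id presented by the client (cookie, or GET variable in fallback mode) is adopted as it is,
	 *   and check_authentication() stores the login session under that same id. The id is not replaced when a
	 *   login succeeds. NOTE(review): consider issuing a fresh id on successful login.
	 * - SetCookie() is called with name, value, expiry and path only, so no Secure/HttpOnly attribute is requested here.
	 *
	 * @return	void
	 */
	function start() {
		global $HTTP_COOKIE_VARS, $HTTP_GET_VARS;

			// Init vars.
		$mode = '';
		$new_id = false;		// Default: not a new session
		$id = isset($HTTP_COOKIE_VARS[$this->name]) ? stripslashes($HTTP_COOKIE_VARS[$this->name]) : '';		// $id is set to ses_id if cookie is present. Else set to an empty string, which will start a new session
		$this->hash_length = t3lib_div::intInRange($this->hash_length,6,32);

			// If fallback to get mode....
		if (!$id && $this->getFallBack && $this->get_name) {
			$id = isset($HTTP_GET_VARS[$this->get_name]) ? t3lib_div::_GET($this->get_name) : '';
				// Only a plain string of exactly the configured length is accepted as a session id from the URL.
			if (!is_string($id) || strlen($id)!=$this->hash_length)	$id = '';
			$mode = 'get';
		}
		$this->cookieId = $id;

		if (!$id) {		// If new session...
				// The session id is the only secret that protects a login session, so it is taken from the
				// cryptographic random source where the runtime offers one. uniqid() alone is derived from the
				// clock; the fallback at least mixes in mt_rand() and uniqid()'s extra entropy.
			if (function_exists('random_bytes')) {
				$id = substr(bin2hex(random_bytes(16)),0,$this->hash_length);
			} else {
				$id = substr(md5(uniqid(mt_rand(),true)),0,$this->hash_length);
			}
			$new_id = true;		// New session
		}
			// Internal var 'id' is set
		$this->id = $id;
		if ($mode=='get' && $this->getFallBack && $this->get_name) {		// If fallback to get mode....
			$this->get_URL_ID = '&'.$this->get_name.'='.$id;
		}
		$this->user = '';		// Make certain that NO user is set initially

			// Setting cookies
		if (($new_id || $this->forceSetCookie) && $this->lifetime==0) {		// If new session and the cookie is a sessioncookie, we need to set it only once!
			if (!$this->dontSetCookie)	SetCookie($this->name, $id, 0, '/');		// Cookie is set
		}
		if ($this->lifetime > 0) {		// If it is NOT a session-cookie, we need to refresh it.
			if (!$this->dontSetCookie)	SetCookie($this->name, $id, time()+$this->lifetime, '/');
		}

			// Check to see if anyone has submitted login-information and if so register the user with the session. $this->user[uid] may be used to write log...
		if ($this->formfield_status) {
			$this->check_authentication();
		}
		unset($this->user);		// Make certain that NO user is set initially. ->check_authentication may have set a session-record which will provide us with a user record in the next section:


			// The session_id is used to find user in the database. Two tables are joined: The session-table with user_id of the session and the usertable with its primary key
		$dbres = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
					'*',
					$this->session_table.','.$this->user_table,
					$this->session_table.'.ses_id = "'.$GLOBALS['TYPO3_DB']->quoteStr($this->id, $this->session_table).'"
						AND '.$this->session_table.'.ses_name = "'.$GLOBALS['TYPO3_DB']->quoteStr($this->name, $this->session_table).'"
						AND '.$this->session_table.'.ses_userid = '.$this->user_table.'.'.$this->userid_column.'
						'.$this->ipLockClause().'
						'.$this->user_where_clause()
				);
		if ($this->user = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($dbres)) {
				// A user was found
			if (is_string($this->auth_timeout_field)) {
				$timeout = intval($this->user[$this->auth_timeout_field]);		// Get timeout-time from usertable
			} else {
				$timeout = intval($this->auth_timeout_field);					// Get timeout from object
			}
				// If timeout > 0 (true) and currenttime has not exceeded the latest sessions-time plus the timeout in seconds then accept user
				// Option later on: We could check that last update was at least x seconds ago in order not to update twice in a row if one script redirects to another...
			if ($timeout>0 && ($GLOBALS['EXEC_TIME'] < ($this->user['ses_tstamp']+$timeout))) {
				$GLOBALS['TYPO3_DB']->exec_UPDATEquery(
						$this->session_table,
						'ses_id="'.$GLOBALS['TYPO3_DB']->quoteStr($this->id, $this->session_table).'" AND ses_name="'.$GLOBALS['TYPO3_DB']->quoteStr($this->name, $this->session_table).'"',
						array('ses_tstamp' => $GLOBALS['EXEC_TIME'])
					);
				$this->user['ses_tstamp'] = $GLOBALS['EXEC_TIME'];		// Make sure that the timestamp is also updated in the array
			} else {
					// Timed out (or no timeout configured): drop the user and the session record.
				$this->user = '';
				$this->logoff();		// delete any user set...
			}
		} else {
			$this->logoff();		// delete any user set...
		}

		$this->redirect();		// If any redirection (inclusion of file) then it will happen in this function

			// Set all possible headers that could ensure that the script is not cached on the client-side
		if ($this->sendNoCacheHeaders) {
			header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
			header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
			header('Expires: 0');
			header('Cache-Control: no-cache, must-revalidate');
			header('Pragma: no-cache');
		}

			// If we're lucky we'll get to clean up old sessions....
			// rand()%100 yields 0..99, so a strict "<" makes $gc_probability a true percentage (the former "<=" ran one percent too often and could not be switched off).
		if ((rand()%100) < $this->gc_probability) {
			$this->gc();
		}
	}

	/**
	 * Checks if a submission of username and password is present
	 *
	 * On 'login' the referer host is compared with the host of this request (unless ->getMethodEnabled or
	 * TYPO3_CONF_VARS[SYS][doNotCheckReferer] is set), any existing session record is removed, the user record is
	 * looked up by username and the submitted password value is compared according to ->security_level.
	 * On success a session record is inserted under ->id. ->user is unset again before returning.
	 *
	 * Security notes:
	 * - In the default ('normal') level the submitted value is compared with the content of the password column
	 *   as it is, i.e. the column holds whatever the form sends.
	 * - Both challenged levels rely on MD5.
	 *
	 * @return	string		Returns "login" if login, "logout" if logout. Nothing (NULL) is returned if $F_status was none of these values.
	 * @internal
	 */
	function check_authentication() {

			// The values fetched from input variables here are supposed to already BE slashed...
		if ($this->getMethodEnabled) {
			$F_status = t3lib_div::_GP($this->formfield_status);
			$F_uname = t3lib_div::_GP($this->formfield_uname);
			$F_uident = t3lib_div::_GP($this->formfield_uident);
			$F_chalvalue = t3lib_div::_GP($this->formfield_chalvalue);
		} else {
			$F_status = t3lib_div::_POST($this->formfield_status);
			$F_uname = t3lib_div::_POST($this->formfield_uname);
			$F_uident = t3lib_div::_POST($this->formfield_uident);
			$F_chalvalue = t3lib_div::_POST($this->formfield_chalvalue);
		}

		switch ($F_status) {
			case 'login':
				$refInfo = parse_url(t3lib_div::getIndpEnv('HTTP_REFERER'));
					// parse_url() gives no 'host' entry for a missing or unparsable referer.
				$refHost = (is_array($refInfo) && isset($refInfo['host'])) ? $refInfo['host'] : '';
				$httpHost = t3lib_div::getIndpEnv('TYPO3_HOST_ONLY');
				if (!$this->getMethodEnabled && ($httpHost!=$refHost && !$GLOBALS['TYPO3_CONF_VARS']['SYS']['doNotCheckReferer'])) {
						// The message is HTML and the referer host comes straight from a request header
						// (the host value presumably does too), so both are escaped before being echoed.
					die('Error: This host address ("'.htmlspecialchars($httpHost).'") and the referer host ("'.htmlspecialchars($refHost).'") mismatches!<br />
						It\'s possible that the environment variable HTTP_REFERER is not passed to the script because of a proxy.<br />
						The site administrator can disable this check in the configuration (flag: TYPO3_CONF_VARS[SYS][doNotCheckReferer]).');
				}
					// Only plain strings may reach the lookup and the comparison below: request variables can also
					// arrive as arrays, and a string comparison function handed a non-string does not return a
					// usable result on every PHP version. Anything else is treated like an empty submission.
				if (is_string($F_uident) && is_string($F_uname) && $F_uident && $F_uname) {

						// Reset this flag
					$loginFailure = 0;

						// delete old user session if any
					$this->logoff();

						// Look up the new user by the username:
					$dbres = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
									'*',
									$this->user_table,
									($this->checkPid ? 'pid IN ('.$GLOBALS['TYPO3_DB']->cleanIntList($this->checkPid_value).') AND ' : '').
										$this->username_column.'="'.$GLOBALS['TYPO3_DB']->quoteStr($F_uname, $this->user_table).'" '.
										$this->user_where_clause()
							);

						// Enter, if a user was found:
					if ($tempuser = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($dbres)) {
							// Internal user record set (temporarily)
						$this->user = $tempuser;

							// Work out the value the form must have sent for this user:
						switch ($this->security_level) {
							case 'superchallenged':		// If superchallenged the password in the database ($tempuser[$this->userident_column]) must be a md5-hash of the original password.
							case 'challenged':
								$expected = md5($tempuser[$this->username_column].':'.$tempuser[$this->userident_column].':'.$F_chalvalue);
							break;
							default:	// normal
								$expected = (string)$tempuser[$this->userident_column];
							break;
						}

							// $OK is true only for an exact, byte-wise match. hash_equals() compares without leaking
							// through timing how many leading characters matched; older runtimes fall back to a strict comparison.
						$OK = function_exists('hash_equals') ? hash_equals($expected, $F_uident) : ($expected===$F_uident);

							// Write session-record in case user was verified OK
						if ($OK) {
								// Checking the domain (lockToDomain)
							if ($this->user['lockToDomain'] && $this->user['lockToDomain']!=t3lib_div::getIndpEnv('HTTP_HOST')) {
									// Lock domain didn't match, so error:
								if ($this->writeAttemptLog) {
									$this->writelog(255,3,3,1,
										"Login-attempt from %s (%s), username '%s', locked domain '%s' did not match '%s'!",
										array(t3lib_div::getIndpEnv('REMOTE_ADDR'),t3lib_div::getIndpEnv('REMOTE_HOST'),$F_uname,$this->user['lockToDomain'],t3lib_div::getIndpEnv('HTTP_HOST')));
								}
								$loginFailure = 1;
							} else {
									// The loginsession is started.
								$this->loginSessionStarted = 1;

									// Inserting session record:
								$insertFields = array(
									'ses_id' => $this->id,
									'ses_name' => $this->name,
									'ses_iplock' => t3lib_div::getIndpEnv('REMOTE_ADDR'),
									'ses_userid' => $tempuser[$this->userid_column],
									'ses_tstamp' => $GLOBALS['EXEC_TIME']
								);
								$GLOBALS['TYPO3_DB']->exec_INSERTquery($this->session_table, $insertFields);

									// Updating column carrying information about last login.
								if ($this->lastLogin_column) {
									$GLOBALS['TYPO3_DB']->exec_UPDATEquery(
										$this->user_table,
										$this->userid_column.'="'.$GLOBALS['TYPO3_DB']->quoteStr($tempuser[$this->userid_column], $this->user_table).'"',
										array($this->lastLogin_column => $GLOBALS['EXEC_TIME'])
									);
								}
									// User logged in - write that to the log!
								if ($this->writeStdLog) {
									$this->writelog(255,1,0,1,
										'User %s logged in from %s (%s)',
										array($this->user['username'],t3lib_div::getIndpEnv('REMOTE_ADDR'),t3lib_div::getIndpEnv('REMOTE_HOST')));
								}
							}
						} else {
								// Failed login attempt (wrong password) - write that to the log!
							if ($this->writeAttemptLog) {
								$this->writelog(255,3,3,1,
									"Login-attempt from %s (%s), username '%s', password not accepted!",
									array(t3lib_div::getIndpEnv('REMOTE_ADDR'),t3lib_div::getIndpEnv('REMOTE_HOST'),$F_uname));
							}
							$loginFailure = 1;
						}
							// Make sure to clear the user again!!
						unset($this->user);
					} else {
							// Failed login attempt (no username found)
						if ($this->writeAttemptLog) {
							$this->writelog(255,3,3,2,
								"Login-attempt from %s (%s), username '%s' not found!!",
								array(t3lib_div::getIndpEnv('REMOTE_ADDR'),t3lib_div::getIndpEnv('REMOTE_HOST'),$F_uname));
						}
						$loginFailure = 1;
					}

						// If there were a login failure, check to see if a warning email should be sent:
					if ($loginFailure) {
						$this->checkLogFailures($this->warningEmail, $this->warningPeriod, $this->warningMax);
					}
				}

					// Return "login" - since this was the $F_status
				return 'login';
			case 'logout':
					// Just logout:
				if ($this->writeStdLog) 	$this->writelog(255,2,0,2,'User %s logged out',array($this->user['username']));	// Logout written to log
				$this->logoff();

					// Return "logout" - since this was the $F_status
				return 'logout';
		}
	}

	/**
	 * Redirect to somewhere. Obsolete, deprecated etc.
	 *
	 * NOTE(review): the guard reads ->userid and ->auth_url, neither of which is declared in this class, while the
	 * file that would be included is ->auth_include. As written, nothing is included unless a subclass or caller
	 * sets ->auth_url. The logic is left untouched because the intended condition cannot be derived from this file.
	 * ->auth_include is passed to include(), so it must only ever hold a trusted, configured path.
	 *
	 * @return	void
	 * @ignore
	 */
	function redirect() {
		if (!$this->userid && $this->auth_url) {	 // if no userid AND an include-document for login is given
			include ($this->auth_include);
			exit;
		}
	}

	/**
	 * Log out current user!
	 * Removes the current session record, sets the internal ->user array to a blank string; Thereby the current user (if any) is effectively logged out!
	 *
	 * @return	void
	 */
	function logoff() {
		$GLOBALS['TYPO3_DB']->exec_DELETEquery(
					$this->session_table,
					'ses_id = "'.$GLOBALS['TYPO3_DB']->quoteStr($this->id, $this->session_table).'"
						AND ses_name = "'.$GLOBALS['TYPO3_DB']->quoteStr($this->name, $this->session_table).'"'
				);
		$this->user = '';
	}

	/**
	 * Garbage collector, removing old expired sessions.
	 * Deletes the records of this session name whose ses_tstamp is older than ->gc_time hours.
	 *
	 * @return	void
	 * @internal
	 */
	function gc() {
		$GLOBALS['TYPO3_DB']->exec_DELETEquery(
					$this->session_table,
					'ses_tstamp < '.intval(time()-($this->gc_time*60*60)).'
						AND ses_name = "'.$GLOBALS['TYPO3_DB']->quoteStr($this->name, $this->session_table).'"'
				);
	}

	/**
	 * This returns the where-clause needed to select the user with respect to flags like deleted, hidden, starttime, endtime
	 * Table and column names are taken from ->user_table and ->enablecolumns and are concatenated unquoted, so they must come from configuration only.
	 *
	 * @return	string		WHERE clause fragment; each part starts with "AND". Empty if no enable column is configured.
	 * @access private
	 */
	function user_where_clause() {
		return  (($this->enablecolumns['rootLevel']) ? 'AND '.$this->user_table.'.pid=0 ' : '').
				(($this->enablecolumns['disabled']) ? ' AND NOT '.$this->user_table.'.'.$this->enablecolumns['disabled'] : '').
				(($this->enablecolumns['deleted']) ? ' AND NOT '.$this->user_table.'.'.$this->enablecolumns['deleted'] : '').
				(($this->enablecolumns['starttime']) ? ' AND ('.$this->user_table.'.'.$this->enablecolumns['starttime'].'<='.time().')' : '').
				(($this->enablecolumns['endtime']) ? ' AND ('.$this->user_table.'.'.$this->enablecolumns['endtime'].'=0 OR '.$this->user_table.'.'.$this->enablecolumns['endtime'].'>'.time().')' : '');
	}

	/**
	 * This returns the where-clause needed to lock a user to the IP address
	 *
	 * @return	string		"AND ..." condition on ses_iplock if ->lockIP is set, otherwise an empty string.
	 * @access private
	 */
	function ipLockClause() {
		if ($this->lockIP) {
			return 'AND '.$this->session_table.'.ses_iplock="'.$GLOBALS['TYPO3_DB']->quoteStr(t3lib_div::getIndpEnv('REMOTE_ADDR'),$this->session_table).'"';
		}
			// Explicit empty string instead of an implicit NULL, as documented by @return.
		return '';
	}

	/**
	 * This writes $variable to the user-record. This is a way of providing session-data.
	 * You can fetch the data again through $this->uc in this class!
	 * If $variable is not an array, $this->uc is saved!
	 * Nothing is written unless ->user is an array with a 'uid'.
	 *
	 * @param	array		An array you want to store for the user as session data. If $variable is not supplied (is blank string), the internal variable, ->uc, is stored by default
	 * @return	void
	 */
	function writeUC($variable='') {
		if (is_array($this->user) && $this->user['uid']) {
			if (!is_array($variable)) { $variable = $this->uc; }

			$GLOBALS['TYPO3_DB']->exec_UPDATEquery($this->user_table, 'uid='.intval($this->user['uid']), array('uc' => serialize($variable)));
		}
	}

	/**
	 * DUMMY: Writes to log database table (in some extension classes)
	 * This class itself calls writelog() with the first six arguments only.
	 *
	 * @param	integer		$type: denotes which module that has submitted the entry. This is the current list:  1=tce_db; 2=tce_file; 3=system (eg. sys_history save); 4=modules; 254=Personal settings changed; 255=login / out action: 1=login, 2=logout, 3=failed login (+ errorcode 3), 4=failure_warning_email sent
	 * @param	integer		$action: denotes which specific operation that wrote the entry (eg. 'delete', 'upload', 'update' and so on...). Specific for each $type. Also used to trigger update of the interface. (see the log-module for the meaning of each number !!)
	 * @param	integer		$error: flag. 0 = message, 1 = error (user problem), 2 = System Error (which should not happen), 3 = security notice (admin)
	 * @param	integer		$details_nr: The message number. Specific for each $type and $action. in the future this will make it possible to translate errormessages to other languages
	 * @param	string		$details: Default text that follows the message
	 * @param	array		$data: Data that follows the log. Might be used to carry special information. If an array the first 5 entries (0-4) will be sprintf'ed the details-text...
	 * @param	string		$tablename: Special field used by tce_main.php. These ($tablename, $recuid, $recpid) holds the reference to the record which the log-entry is about. (Was used in attic status.php to update the interface.)
	 * @param	integer		$recuid: Special field used by tce_main.php. These ($tablename, $recuid, $recpid) holds the reference to the record which the log-entry is about. (Was used in attic status.php to update the interface.)
	 * @param	integer		$recpid: Special field used by tce_main.php. These ($tablename, $recuid, $recpid) holds the reference to the record which the log-entry is about. (Was used in attic status.php to update the interface.)
	 * @return	void
	 * @see t3lib_userauthgroup::writelog()
	 */
	function writelog($type,$action,$error,$details_nr,$details,$data,$tablename,$recuid,$recpid)	{
	}

	/**
	 * DUMMY: Check login failures (in some extension classes)
	 * check_authentication() calls this with ->warningEmail, ->warningPeriod and ->warningMax after a failed login.
	 *
	 * @return	void
	 * @ignore
	 */
	function checkLogFailures()	{
	}

	/**
	 * Sets $theUC as the internal variable ->uc IF $theUC is an array. If $theUC is false, the 'uc' content from the ->user array will be unserialized and restored in ->uc
	 *
	 * NOTE(review): unserialize() is applied to the 'uc' column as stored. This class writes that column with
	 * serialize() in writeUC(); unserialize() is only safe as long as nobody else can write to that column.
	 *
	 * @param	mixed		If an array, then set as ->uc, otherwise load from user record
	 * @return	void
	 */
	function unpack_uc($theUC='') {
		if (!$theUC) 	$theUC = unserialize($this->user['uc']);
		if (is_array($theUC)) {
			$this->uc = $theUC;
		}
	}

	/**
	 * Stores data for a module.
	 * The data is stored with the session id so you can even check upon retrieval if the module data is from a previous session or from the current session.
	 *
	 * @param	string		$module is the name of the module ($MCONF['name'])
	 * @param	mixed		$data is the data you want to store for that module (array, string, ...)
	 * @param	boolean		If $noSave is set, then the ->uc array (which carries all kinds of user data) is NOT written immediately, but must be written by some subsequent call.
	 * @return	void
	 */
	function pushModuleData($module,$data,$noSave=0) {
		$this->uc['moduleData'][$module] = $data;
		$this->uc['moduleSessionID'][$module] = $this->id;
		if (!$noSave) $this->writeUC();
	}

	/**
	 * Gets module data for a module (from a loaded ->uc array)
	 *
	 * @param	string		$module is the name of the module ($MCONF['name'])
	 * @param	string		If $type = 'ses' then module data is returned only if it was stored in the current session, otherwise data from a previous session will be returned (if available).
	 * @return	mixed		The module data if available: $this->uc['moduleData'][$module];
	 */
	function getModuleData($module,$type='') {
		$storedInSession = isset($this->uc['moduleSessionID'][$module]) ? $this->uc['moduleSessionID'][$module] : '';
			// Session ids are compared as strings: a loose "==" would treat two different ids that both look like numbers as equal.
		if ($type!='ses' || (string)$storedInSession===(string)$this->id) {
			return isset($this->uc['moduleData'][$module]) ? $this->uc['moduleData'][$module] : NULL;
		}
	}

	/**
	 * Returns the session data stored for $key.
	 * The data will last only for this login session since it is stored in the session table.
	 *
	 * NOTE(review): unserialize() is applied to the "ses_data" field as stored; it is only safe as long as
	 * that field is written by setAndSaveSessionData() (or other trusted code) alone.
	 *
	 * @param	string		Pointer to an associative key in the session data array which is stored serialized in the field "ses_data" of the session table.
	 * @return	mixed		The stored value, or NULL if there is none.
	 */
	function getSessionData($key) {
		$sesDat = unserialize($this->user['ses_data']);
		return (is_array($sesDat) && isset($sesDat[$key])) ? $sesDat[$key] : NULL;
	}

	/**
	 * Sets the session data ($data) for $key and writes all session data (from ->user['ses_data']) to the database.
	 * The data will last only for this login session since it is stored in the session table.
	 *
	 * @param	string		Pointer to an associative key in the session data array which is stored serialized in the field "ses_data" of the session table.
	 * @param	mixed		The variable to store in index $key
	 * @return	void
	 */
	function setAndSaveSessionData($key,$data) {
		$sesDat = unserialize($this->user['ses_data']);
			// An empty or unreadable field starts a fresh array instead of writing into a non-array value.
		if (!is_array($sesDat))	$sesDat = array();
		$sesDat[$key] = $data;
		$this->user['ses_data'] = serialize($sesDat);

		$GLOBALS['TYPO3_DB']->exec_UPDATEquery($this->session_table, 'ses_id="'.$GLOBALS['TYPO3_DB']->quoteStr($this->user['ses_id'], $this->session_table).'"', array('ses_data' => $this->user['ses_data']));
	}

	/**
	 * Raw initialization of the be_user with uid=$uid
	 * This will circumvent all login procedures and select a be_users record from the database and set the content of ->user to the record selected. Thus the BE_USER object will appear like if a user was authenticated - however without a session id and the fields from the session table of course.
	 * Will check the users for disabled, start/endtime, etc. ($this->user_where_clause())
	 * No password, session, IP lock or domain lock is checked here, so callers must have authorised the switch themselves.
	 *
	 * @param	integer		The UID of the backend user to set in ->user
	 * @return	void
	 * @internal
	 * @see SC_mod_tools_be_user_index::compareUsers(), SC_mod_user_setup_index::simulateUser(), freesite_admin::startCreate()
	 */
	function setBeUserByUid($uid) {
		$dbres = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', $this->user_table, 'uid="'.intval($uid).'" '.$this->user_where_clause());
		$this->user = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($dbres);
	}

	/**
	 * Raw initialization of the be_user with username=$name
	 * Like setBeUserByUid() this performs no credential check; only user_where_clause() is applied.
	 *
	 * @param	string		The username to look up.
	 * @return	void
	 * @see	t3lib_userAuth::setBeUserByUid()
	 * @internal
	 */
	function setBeUserByName($name) {
		$dbres = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', $this->user_table, 'username="'.$GLOBALS['TYPO3_DB']->quoteStr($name, $this->user_table).'" '.$this->user_where_clause());
		$this->user = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($dbres);
	}
}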
// XCLASS hook: if the configuration names an extension file for this class, load it once.
// The path is taken as it is from $TYPO3_CONF_VARS, so that configuration must only be writable by trusted code.
if (defined('TYPO3_MODE')) {
	if ($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_userauth.php']) {
		include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_userauth.php']);
	}
}
617 ?>