2 /***************************************************************
5 * (c) 1999-2010 Kasper Skårhøj (kasperYYYY@typo3.com)
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
28 * Class for TYPO3 backend user authentication in the TSFE frontend
31 * Revised for TYPO3 3.6 July/2003 by Kasper Skårhøj
34 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
37 * [CLASS/FUNCTION INDEX of SCRIPT]
41 * 103: class t3lib_tsfeBeUserAuth extends t3lib_beUserAuth
42 * 129: function extInitFeAdmin()
43 * 154: function extPrintFeAdminDialog()
45 * SECTION: Creating sections of the Admin Panel
46 * 250: function extGetCategory_preview($out='')
47 * 283: function extGetCategory_cache($out='')
48 * 321: function extGetCategory_publish($out='')
49 * 356: function extGetCategory_edit($out='')
50 * 400: function extGetCategory_tsdebug($out='')
51 * 433: function extGetCategory_info($out='')
53 * SECTION: Admin Panel Layout Helper functions
54 * 506: function extGetHead($pre)
55 * 526: function extItemLink($pre,$str)
56 * 542: function extGetItem($pre,$element)
57 * 559: function extFw($str)
58 * 568: function ext_makeToolBar()
60 * SECTION: TSFE BE user Access Functions
61 * 637: function checkBackendAccessSettingsFromInitPhp()
62 * 682: function extPageReadAccess($pageRec)
63 * 693: function extAdmModuleEnabled($key)
64 * 709: function extSaveFeAdminConfig()
65 * 741: function extGetFeAdminValue($pre,$val='')
66 * 783: function extIsAdmMenuOpen($pre)
68 * SECTION: TSFE BE user Access Functions
69 * 818: function extGetTreeList($id,$depth,$begin=0,$perms_clause)
70 * 849: function extGetNumberOfCachedPages($page_id)
72 * SECTION: Localization handling
73 * 888: function extGetLL($key)
75 * SECTION: Frontend Editing
76 * 932: function extIsEditAction()
77 * 954: function extIsFormShown()
78 * 970: function extEditAction()
81 * (This index is automatically created/updated by the extension "extdeveval")
87 * TYPO3 backend user authentication in the TSFE frontend.
88 * This includes mainly functions related to the Admin Panel
90 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
94 class t3lib_tsfeBeUserAuth
extends t3lib_beUserAuth
{
96 * Form field with login name.
100 public $formfield_uname = '';
103 * Form field with password.
107 public $formfield_uident = '';
110 * Form field with a unique value which is used to encrypt the password and username.
114 public $formfield_chalvalue = '';
117 * Sets the level of security. 'normal' = clear-text. 'challenged' = hashed password/username
118 * from form in $formfield_uident. 'superchallenged' = hashed password hashed again with username.
122 public $security_level = '';
125 * Decides if the writelog() function is called at login and logout.
129 public $writeStdLog = FALSE;
132 * Decides if the writelog() function is called when a login attempt has been tried without success.
136 public $writeAttemptLog = FALSE;
139 * This is the name of the include-file containing the login form. If not set, login CAN be anonymous. If set login IS needed.
143 public $auth_include = '';
146 * Array of page related information (uid, title, depth).
150 public $extPageInTreeInfo = array();
153 * General flag which is set if the adminpanel should be displayed at all.
157 public $extAdmEnabled = FALSE;
160 * Instance of the admin panel
162 * @var tslib_AdminPanel
164 public $adminPanel = NULL;
167 * Class for frontend editing.
169 * @var t3lib_frontendedit
171 public $frontendEdit = NULL;
174 * Initializes the admin panel.
178 public function initializeAdminPanel() {
// Reads this backend user's 'admPanel' TSconfig property into $this->extAdminConfig and,
// inside the loop over its 'enable.' entries, creates the tslib_AdminPanel instance and
// sets $this->extAdmEnabled.
// NOTE(review): listing lines 183 and 186-192 are missing from this excerpt, so the
// per-entry condition guarding the two assignments below cannot be confirmed here.
// $this->extAdmEnabled gates isFrontendEditingActive() and isAdminPanelVisible(), so
// verify it is only set for an 'enable.' entry that is actually switched on.
179 $this->extAdminConfig
= $this->getTSConfigProp('admPanel');
181 if (isset($this->extAdminConfig
['enable.'])) {
182 foreach ($this->extAdminConfig
['enable.'] as $key => $value) {
184 $this->adminPanel
= t3lib_div
::makeInstance('tslib_AdminPanel');
185 $this->extAdmEnabled
= TRUE;
194 * Initializes frontend editing.
198 public function initializeFrontendEdit() {
// Selects the frontend-editing controller and instantiates it into $this->frontendEdit,
// but only when 'enable.' is configured and isFrontendEditingActive() returns true.
// NOTE(review): listing lines 201, 206, 208-209 and 213 onwards are missing from this
// excerpt; the per-entry condition and the else branch are inferred from the two
// $controllerKey assignments below and should be confirmed against the full file.
199 if (isset($this->extAdminConfig
['enable.']) && $this->isFrontendEditingActive()) {
200 foreach ($this->extAdminConfig
['enable.'] as $key => $value) {
202 if ($GLOBALS['TSFE'] instanceof tslib_fe
) {
203 // Grab the Page TSConfig property that determines which controller to use.
204 $pageTSConfig = $GLOBALS['TSFE']->getPagesTSconfig();
205 $controllerKey = isset($pageTSConfig['TSFE.']['frontendEditingController']) ?
$pageTSConfig['TSFE.']['frontendEditingController'] : 'default';
207 $controllerKey = 'default';
// The Page TSconfig value is used only as a key into the frontendEditingController
// registry in $TYPO3_CONF_VARS; the class name handed to getUserObj() always comes from
// that registry. Keep this indirection: it limits page-level configuration to choosing
// among controllers that the installation has registered.
// A key without a registry entry leaves $controllerClass empty, so no controller object
// is created and $this->frontendEdit keeps its previous value.
210 $controllerClass = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tsfebeuserauth.php']['frontendEditingController'][$controllerKey];
211 if ($controllerClass) {
212 $this->frontendEdit
= t3lib_div
::getUserObj($controllerClass, FALSE);
222 * Determines whether frontend editing is currently active.
224 * @return boolean Whether frontend editing is active
226 public function isFrontendEditingActive() {
// Requires $this->extAdmEnabled, and then either of two things: the admin panel reports
// the 'edit' module as both enabled and open, or $GLOBALS['TSFE']->displayEditIcons
// loosely equals 1. '&&' binds tighter than '||', so the enabled/open pair is evaluated
// as one operand of the '||'.
// NOTE(review): $this->adminPanel is only dereferenced after extAdmEnabled was found
// truthy; this relies on extAdmEnabled never being set without adminPanel also being
// created. The closing lines of the expression (listing line 230 onwards) are not shown.
227 return ($this->extAdmEnabled
228 && ($this->adminPanel
->isAdminModuleEnabled('edit') && $this->adminPanel
->isAdminModuleOpen('edit')
229 ||
$GLOBALS['TSFE']->displayEditIcons
== 1)
234 * Delegates to the appropriate view and renders the admin panel content.
238 public function displayAdminPanel() {
// Asks the admin panel object to render itself and keeps the result in $content.
// NOTE(review): $this->adminPanel defaults to NULL and there is no guard here, so callers
// presumably check isAdminPanelVisible() first — confirm. What happens to $content
// (listing line 240 onwards) is not shown in this excerpt.
239 $content = $this->adminPanel
->display();
245 * Determines whether the admin panel is enabled and visible.
247 * @return boolean Whether the admin panel is enabled and visible
249 public function isAdminPanelVisible() {
// All three conditions must hold: the panel was enabled for this backend user
// ($this->extAdmEnabled), the user's admPanel TSconfig does not set 'hide', and the
// frontend's config['config']['admPanel'] value is truthy.
// NOTE(review): 'hide' and 'admPanel' are read without isset(); absent keys evaluate as
// falsy, which makes a missing config['config']['admPanel'] fail closed (panel hidden).
250 return ($this->extAdmEnabled
&& !$this->extAdminConfig
['hide'] && $GLOBALS['TSFE']->config
['config']['admPanel']);
253 /*****************************************************
255 * TSFE BE user Access Functions
257 ****************************************************/
260 * Implementing the access checks that the typo3/init.php script does before a user is ever logged in.
261 * Used in the frontend.
263 * @return boolean Returns true if access is OK
264 * @see typo3/init.php, t3lib_beuserauth::backendCheckLogin()
266 public function checkBackendAccessSettingsFromInitPhp() {
// Repeats, for frontend use, the pre-login access checks that the docblock attributes to
// typo3/init.php and t3lib_beuserauth::backendCheckLogin(). Because the checks are
// duplicated, a change to the backend-side rules has to be mirrored here, otherwise the
// frontend admin panel / editing path enforces a weaker policy than the backend.
// NOTE(review): the statement inside every branch below is missing from this excerpt
// (listing lines 273-275, 281-284, 291-293, 297 onwards); the denial or approval each
// branch performs is presumed from the docblock ("Returns true if access is OK").
267 global $TYPO3_CONF_VARS;
269 // **********************
270 // Check Hardcoded lock on BE:
271 // **********************
// A negative 'adminOnly' value is what this check treats as the hard lock.
272 if ($TYPO3_CONF_VARS['BE']['adminOnly'] < 0) {
276 // **********************
278 // **********************
// IP allow-list: applied only when 'IPmaskList' is non-empty after trim().
// NOTE(review): the check trusts whatever getIndpEnv('REMOTE_ADDR') returns; behind a
// reverse proxy that value depends on how forwarded-address handling is configured —
// confirm it reflects the real client address, or the mask can be ineffective.
279 if (trim($TYPO3_CONF_VARS['BE']['IPmaskList'])) {
280 if (!t3lib_div
::cmpIP(t3lib_div
::getIndpEnv('REMOTE_ADDR'), $TYPO3_CONF_VARS['BE']['IPmaskList'])) {
286 // **********************
288 // **********************
// SSL requirement: applies to any non-zero 'lockSSL' except the value 3.
// NOTE(review): the meaning of 3 is defined outside this listing — confirm that
// exempting it from the SSL check is intended for frontend-side backend sessions.
289 if (intval($TYPO3_CONF_VARS['BE']['lockSSL']) && $TYPO3_CONF_VARS['BE']['lockSSL'] != 3) {
290 if (!t3lib_div
::getIndpEnv('TYPO3_SSL')) {
295 // Finally a check from t3lib_beuserauth::backendCheckLogin()
296 if ($this->isUserAllowedToLogin()) {
305 * Evaluates if the Backend User has read access to the input page record.
306 * The evaluation is based on both read-permission and whether the page is found in one of the user's webmounts. Only if both conditions are true will the function return true.
307 * Read access means that previewing is allowed etc.
308 * Used in index_ts.php
310 * @param array The page record to evaluate for
311 * @return boolean True if read access
313 public function extPageReadAccess($pageRec) {
// Both checks must pass: the page uid lies inside one of the user's webmounts AND
// doesUserHaveAccess() grants the permission passed as 1. The mount check runs first,
// so a page outside the mounts is rejected without evaluating page permissions.
// NOTE(review): the literal 1 is presumably the "read/show" permission bit described in
// the docblock — confirm against doesUserHaveAccess().
314 return $this->isInWebMount($pageRec['uid']) && $this->doesUserHaveAccess($pageRec, 1);
317 /*****************************************************
319 * TSFE BE user Access Functions
321 ****************************************************/
324 * Generates a list of Page-uid's from $id. List does not include $id itself
325 * The only pages excluded from the list are deleted pages.
327 * @param integer Start page id
328 * @param integer Depth to traverse down the page tree.
329 * @param integer $begin is an optional integer that determines at which level in the tree to start collecting uid's. Zero means 'start right away', 1 = 'next level and out'
330 * @param string Perms clause
331 * @return string Returns the list with a comma in the end (if any pages selected!)
333 public function extGetTreeList($id, $depth, $begin = 0, $perms_clause) {
// Recursively collects page uids below $id into a comma-terminated string and records
// page details in $this->extPageInTreeInfo. Recursion is bounded by $depth, which is
// decremented on every level and must stay above 0 for a query to run.
// NOTE(review): the optional $begin precedes the required $perms_clause, so its default
// can never be used by a caller (and PHP 8 reports this signature as deprecated).
334 $depth = intval($depth);
335 $begin = intval($begin);
// NOTE(review): $depth and $begin are cast to integers above, but $id is concatenated
// into the WHERE clause below. Listing lines 336-338 are missing from this excerpt —
// confirm that $id is cast with intval() there before it reaches the query.
339 if ($id && $depth > 0) {
// The WHERE clause is assembled by string concatenation: $perms_clause and the
// 'content_doktypes' configuration value are inserted as raw SQL. Both must originate
// from trusted code or installation configuration, never from request data.
340 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
343 'pid=' . $id . ' AND doktype IN (' . $GLOBALS['TYPO3_CONF_VARS']['FE']['content_doktypes'] . ') AND deleted=0 AND ' . $perms_clause
345 while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
347 $theList .= $row['uid'] . ',';
// NOTE(review): $depth is passed as the second argument of htmlspecialchars(), i.e. as
// its flags parameter, instead of being a third array element. The property is documented
// as holding (uid, title, depth), so depth is never stored, and which quote characters
// get escaped in the title changes with the tree depth. The parenthesis looks misplaced;
// presumably intended: array($row['uid'], htmlspecialchars($row['title']), $depth).
348 $this->extPageInTreeInfo
[] = array($row['uid'], htmlspecialchars($row['title'], $depth));
// Descends one level with the same permission clause; $row['uid'] comes from the query
// result, not from the caller.
351 $theList .= $this->extGetTreeList($row['uid'], $depth - 1, $begin - 1, $perms_clause);
359 * Returns the number of cached pages for a page id.
361 * @param integer The page id.
362 * @return integer The number of pages for this page in the table "cache_pages"
364 public function extGetNumberOfCachedPages($pageId) {
// Counts cache entries for a page through one of two paths, selected by the
// TYPO3_UseCachingFramework constant. In both paths $pageId is cast to an integer
// before it is used, in the cache tag and in the SQL WHERE clause respectively.
// NOTE(review): listing line 369 (presumably the else) and the return statement
// (line 372 onwards) are missing from this excerpt.
365 if (TYPO3_UseCachingFramework
) {
// Caching framework path: fetches every entry tagged for the page and counts them.
366 $pageCache = $GLOBALS['typo3CacheManager']->getCache('cache_pages');
367 $pageCacheEntries = $pageCache->getByTag('pageId_' . (int) $pageId);
368 $count = count($pageCacheEntries);
// Database path: lets the database count the rows in cache_pages.
370 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('count(*)', 'cache_pages', 'page_id=' . intval($pageId));
371 list($count) = $GLOBALS['TYPO3_DB']->sql_fetch_row($res);
377 /*****************************************************
379 * Localization handling
381 ****************************************************/
384 * Returns the label for key, $key. If a translation for the language set in $this->uc['lang'] is found that is returned, otherwise the default value.
385 * IF the global variable $LOCAL_LANG is NOT an array (yet) then this function loads the global $LOCAL_LANG array with the content of "sysext/lang/locallang_tsfe.php" so that the values therein can be used for labels in the Admin Panel
387 * @param string Key for a label in the $LOCAL_LANG array of "sysext/lang/locallang_tsfe.php"
388 * @return string The value for the $key
390 public function extGetLL($key) {
// Looks up the label for $key through $GLOBALS['LANG'], HTML-escapes it, and converts it
// to UTF-8 and then to entities.
// NOTE(review): listing line 391 is missing from this excerpt; $LOCAL_LANG is presumably
// declared global there — confirm, otherwise the is_array() check below only ever sees
// an undefined local variable.
392 if (!is_array($LOCAL_LANG)) {
393 $GLOBALS['LANG']->includeLLFile('EXT:lang/locallang_tsfe.php');
394 #include('./'.TYPO3_mainDir.'sysext/lang/locallang_tsfe.php');
395 if (!is_array($LOCAL_LANG)) {
396 $LOCAL_LANG = array();
// The label is HTML-escaped here, before any charset conversion, so the returned string
// is meant to be placed into HTML as-is; escaping it again at the call site would
// double-encode the entities.
// NOTE(review): htmlspecialchars() is called without an explicit charset although the
// label may not be UTF-8 (see the charSet check below). On PHP versions whose default
// charset for this function is UTF-8, input with invalid byte sequences can come back
// as an empty string — confirm against the PHP versions this file has to support.
400 $labelStr = htmlspecialchars($GLOBALS['LANG']->getLL($key)); // Label string in the default backend output charset.
402 // Convert to utf-8, then to entities:
403 if ($GLOBALS['LANG']->charSet
!= 'utf-8') {
404 $labelStr = $GLOBALS['LANG']->csConvObj
->utf8_encode($labelStr, $GLOBALS['LANG']->charSet
);
406 $labelStr = $GLOBALS['LANG']->csConvObj
->utf8_to_entities($labelStr);
408 // Return the result:
// XCLASS hook: when an extension class file is registered for this script under the
// current TYPO3_MODE, that file is included after the class definition.
// The included path is taken from $TYPO3_CONF_VARS, i.e. from installation configuration
// and not from request data. Anyone able to write that configuration can therefore load
// arbitrary PHP into every request that loads this file, so write access to the
// configuration has to be protected like write access to the code itself.
// NOTE(review): $TYPO3_CONF_VARS is used here as a plain variable, which assumes this
// file is included from global scope — confirm.
415 if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE
]['XCLASS']['t3lib/class.t3lib_tsfebeuserauth.php']) {
416 include_once($TYPO3_CONF_VARS[TYPO3_MODE
]['XCLASS']['t3lib/class.t3lib_tsfebeuserauth.php']);