1 <?php
2 namespace TYPO3\CMS\Backend;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Core\Cache\Frontend\FrontendInterface;
18 use TYPO3\CMS\Core\Utility\GeneralUtility;
19 use TYPO3\CMS\Lang\LanguageService;
20
21 /**
22 * TYPO3 backend user authentication in the TSFE frontend.
23 * This includes mainly functions related to the Admin Panel
24 *
25 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
26 */
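class FrontendBackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\BackendUserAuthentication {

	/**
	 * Form field with login name.
	 * Overrides the parent default with an empty string (presumably so that no
	 * login is attempted from frontend form fields - see the parent class).
	 *
	 * @var string
	 */
	public $formfield_uname = '';

	/**
	 * Form field with password.
	 * Overridden with an empty string, see $formfield_uname.
	 *
	 * @var string
	 */
	public $formfield_uident = '';

	/**
	 * Form field with a unique value which is used to encrypt the password and username.
	 * Overridden with an empty string, see $formfield_uname.
	 *
	 * @var string
	 */
	public $formfield_chalvalue = '';

	/**
	 * Decides if the writelog() function is called at login and logout.
	 *
	 * @var bool
	 */
	public $writeStdLog = FALSE;

	/**
	 * If the writelog() functions is called if a login-attempt has be tried without success.
	 *
	 * @var bool
	 */
	public $writeAttemptLog = FALSE;

	/**
	 * Array of page related information (uid, title, depth), filled by extGetTreeList().
	 * The title is already HTML-escaped.
	 *
	 * @var array
	 */
	public $extPageInTreeInfo = array();

	/**
	 * General flag which is set if the adminpanel is enabled at all.
	 *
	 * @var bool
	 */
	public $extAdmEnabled = FALSE;

	/**
	 * @var \TYPO3\CMS\Frontend\View\AdminPanelView Instance of admin panel, set by initializeAdminPanel()
	 */
	public $adminPanel = NULL;

	/**
	 * @var \TYPO3\CMS\Core\FrontendEditing\FrontendEditingController Set by initializeFrontendEdit()
	 */
	public $frontendEdit = NULL;

	/**
	 * User TSConfig below "admPanel" (properties only), as returned by getTSConfigProp().
	 *
	 * @var array
	 */
	public $extAdminConfig = array();

	/**
	 * Initializes the admin panel.
	 *
	 * Reads the "admPanel" user TSConfig; the panel instance is created and
	 * $this->extAdmEnabled is set as soon as any entry below "admPanel.enable." is truthy.
	 *
	 * @return void
	 */
	public function initializeAdminPanel() {
		// getTSConfigProp() yields NULL when there is no "admPanel" TSConfig; keep the array contract.
		$adminConfig = $this->getTSConfigProp('admPanel');
		$this->extAdminConfig = is_array($adminConfig) ? $adminConfig : array();
		if (!isset($this->extAdminConfig['enable.']) || !is_array($this->extAdminConfig['enable.'])) {
			return;
		}
		foreach ($this->extAdminConfig['enable.'] as $enabled) {
			if ($enabled) {
				$this->adminPanel = GeneralUtility::makeInstance(\TYPO3\CMS\Frontend\View\AdminPanelView::class);
				$this->extAdmEnabled = TRUE;
				break;
			}
		}
	}

	/**
	 * Initializes frontend editing.
	 *
	 * Requires at least one enabled "admPanel.enable." entry and an active frontend
	 * editing state (see isFrontendEditingActive()). The controller is created with
	 * GeneralUtility::getUserObj() from the class registered in TYPO3_CONF_VARS.
	 *
	 * @return void
	 */
	public function initializeFrontendEdit() {
		if (!isset($this->extAdminConfig['enable.']) || !is_array($this->extAdminConfig['enable.'])) {
			return;
		}
		if (!$this->isFrontendEditingActive()) {
			return;
		}
		foreach ($this->extAdminConfig['enable.'] as $enabled) {
			if (!$enabled) {
				continue;
			}
			$controllerClass = $this->getFrontendEditingControllerClass();
			if ($controllerClass) {
				$this->frontendEdit = GeneralUtility::getUserObj($controllerClass, FALSE);
			}
			break;
		}
	}

	/**
	 * Resolves the registered frontend editing controller for the current page.
	 *
	 * Only the lookup *key* comes from Page TSConfig ("TSFE.frontendEditingController",
	 * falling back to "default"); the class reference itself must be registered in
	 * $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tsfebeuserauth.php']['frontendEditingController'],
	 * so page configuration cannot point at an arbitrary class.
	 *
	 * @return string Registered controller reference, or empty string if none is registered for the key
	 */
	protected function getFrontendEditingControllerClass() {
		$controllerKey = 'default';
		if ($GLOBALS['TSFE'] instanceof \TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController) {
			$pageTSConfig = $GLOBALS['TSFE']->getPagesTSconfig();
			if (isset($pageTSConfig['TSFE.']['frontendEditingController'])) {
				$controllerKey = $pageTSConfig['TSFE.']['frontendEditingController'];
			}
		}
		$registeredControllers = isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tsfebeuserauth.php']['frontendEditingController'])
			? $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tsfebeuserauth.php']['frontendEditingController']
			: array();
		return isset($registeredControllers[$controllerKey]) ? $registeredControllers[$controllerKey] : '';
	}

	/**
	 * Determines whether frontend editing is currently active.
	 *
	 * Active means the admin panel is enabled and either its "edit" module is switched on
	 * or TSFE requests edit icons (displayEditIcons / displayFieldEditIcons).
	 *
	 * @return bool Whether frontend editing is active
	 */
	public function isFrontendEditingActive() {
		if (!$this->extAdmEnabled) {
			return FALSE;
		}
		$frontendController = $GLOBALS['TSFE'];
		return $this->adminPanel->isAdminModuleEnabled('edit')
			|| $frontendController->displayEditIcons == 1
			|| $frontendController->displayFieldEditIcons == 1;
	}

	/**
	 * Delegates to the appropriate view and renders the admin panel content.
	 *
	 * Must only be called after initializeAdminPanel() created $this->adminPanel.
	 *
	 * @return string Rendered admin panel markup
	 */
	public function displayAdminPanel() {
		return $this->adminPanel->display();
	}

	/**
	 * Determines whether the admin panel is enabled and visible.
	 *
	 * Visible requires: the panel is enabled, user TSConfig "admPanel.hide" is not set,
	 * and TypoScript "config.admPanel" is set.
	 *
	 * @return bool Whether the admin panel is enabled and visible
	 */
	public function isAdminPanelVisible() {
		return $this->extAdmEnabled
			&& empty($this->extAdminConfig['hide'])
			&& !empty($GLOBALS['TSFE']->config['config']['admPanel']);
	}

	/*****************************************************
	 *
	 * TSFE BE user Access Functions
	 *
	 ****************************************************/
	/**
	 * Implementing the access checks that the typo3/init.php script does before a user is ever logged in.
	 * Used in the frontend.
	 *
	 * Checks, in order: the hard backend lock (BE/adminOnly < 0), the BE/IPmaskList
	 * restriction against the client address, BE/lockSSL, and finally isUserAllowedToLogin().
	 *
	 * @return bool Returns TRUE if access is OK
	 */
	public function checkBackendAccessSettingsFromInitPhp() {
		$backendConfig = $GLOBALS['TYPO3_CONF_VARS']['BE'];
		// A negative adminOnly value locks the backend completely.
		if ($backendConfig['adminOnly'] < 0) {
			return FALSE;
		}
		// Restrict by client IP if a mask list is configured; cmpIP() evaluates the list.
		$ipMaskList = isset($backendConfig['IPmaskList']) ? trim($backendConfig['IPmaskList']) : '';
		if ($ipMaskList !== '') {
			$remoteAddress = GeneralUtility::getIndpEnv('REMOTE_ADDR');
			if (!GeneralUtility::cmpIP($remoteAddress, $ipMaskList)) {
				return FALSE;
			}
		}
		// Enforce SSL if lockSSL is set; value 3 is skipped here (it only covers the login form itself).
		$lockSSL = (int)$backendConfig['lockSSL'];
		if ($lockSSL && $lockSSL !== 3 && !GeneralUtility::getIndpEnv('TYPO3_SSL')) {
			return FALSE;
		}
		// Finally a check from \TYPO3\CMS\Core\Authentication\BackendUserAuthentication::backendCheckLogin()
		return (bool)$this->isUserAllowedToLogin();
	}

	/**
	 * Evaluates if the Backend User has read access to the input page record.
	 * The evaluation is based on both read-permission and whether the page is found in one of the users webmounts.
	 * Only if both conditions are TRUE will the function return TRUE.
	 * Read access means that previewing is allowed etc.
	 * Used in index_ts.php
	 *
	 * @param array $pageRec The page record to evaluate for
	 * @return bool TRUE if read access
	 */
	public function extPageReadAccess($pageRec) {
		$pageUid = isset($pageRec['uid']) ? $pageRec['uid'] : 0;
		// Permission bit 1 = show/read page.
		return $this->isInWebMount($pageUid) && $this->doesUserHaveAccess($pageRec, 1);
	}

	/*****************************************************
	 *
	 * Page tree and cache helpers used by the Admin Panel
	 *
	 ****************************************************/
	/**
	 * Generates a list of Page-uid's from $id. List does not include $id itself
	 * The only pages excluded from the list are deleted pages.
	 *
	 * As a side effect every collected page is appended to $this->extPageInTreeInfo
	 * as array(uid, HTML-escaped title, depth).
	 *
	 * @param int $id Start page id
	 * @param int $depth Depth to traverse down the page tree.
	 * @param int $begin Is an optional integer that determines at which level in the tree to start collecting uid's. Zero means 'start right away', 1 = 'next level and out'
	 * @param string $perms_clause Perms clause; an already-built SQL fragment (e.g. from getPagePermsClause()), inserted verbatim
	 * @return string Returns the list with a comma in the end (if any pages selected!)
	 */
	public function extGetTreeList($id, $depth, $begin = 0, $perms_clause) {
		$id = (int)$id;
		$depth = (int)$depth;
		$begin = (int)$begin;
		$uidList = '';
		if (!$id || $depth <= 0) {
			return $uidList;
		}
		// $id is cast to int above. $perms_clause and FE/content_doktypes are concatenated
		// unescaped, so they must come from trusted code/configuration, never from request data.
		$where = 'pid=' . $id . ' AND doktype IN (' . $GLOBALS['TYPO3_CONF_VARS']['FE']['content_doktypes']
			. ') AND deleted=0 AND ' . $perms_clause;
		$res = $this->db->exec_SELECTquery('uid,title', 'pages', $where);
		while (($row = $this->db->sql_fetch_assoc($res))) {
			if ($begin <= 0) {
				$uidList .= $row['uid'] . ',';
				// Escape with the default flags and store $depth as its own element. Previously $depth
				// was passed as the flags argument of htmlspecialchars(), which at depth 1 left double
				// quotes unescaped in the stored title.
				$this->extPageInTreeInfo[] = array($row['uid'], htmlspecialchars($row['title']), $depth);
			}
			if ($depth > 1) {
				$uidList .= $this->extGetTreeList($row['uid'], $depth - 1, $begin - 1, $perms_clause);
			}
		}
		$this->db->sql_free_result($res);
		return $uidList;
	}

	/**
	 * Returns the number of cached pages for a page id.
	 *
	 * Counts the entries of the "cache_pages" cache tagged with "pageId_<uid>".
	 *
	 * @param int $pageId The page id.
	 * @return int The number of pages for this page in the table "cache_pages
	 */
	public function extGetNumberOfCachedPages($pageId) {
		/** @var FrontendInterface $pageCache */
		$pageCache = GeneralUtility::makeInstance(\TYPO3\CMS\Core\Cache\CacheManager::class)->getCache('cache_pages');
		$taggedEntries = $pageCache->getByTag('pageId_' . (int)$pageId);
		return count($taggedEntries);
	}

	/*****************************************************
	 *
	 * Localization handling
	 *
	 ****************************************************/
	/**
	 * Returns the label for key. If a translation for the language set in $this->uc['lang']
	 * is found that is returned, otherwise the default value.
	 * If the global variable $LOCAL_LANG is NOT an array (yet) then this function loads
	 * the global $LOCAL_LANG array with the content of "sysext/lang/locallang_tsfe.xlf"
	 * such that the values therein can be used for labels in the Admin Panel
	 *
	 * @param string $key Key for a label in the $GLOBALS['LOCAL_LANG'] array of "sysext/lang/locallang_tsfe.xlf
	 * @return string The value for the $key, HTML-escaped with non-ASCII characters converted to entities
	 */
	public function extGetLL($key) {
		$languageService = $this->getLanguageService();
		if (!isset($GLOBALS['LOCAL_LANG']) || !is_array($GLOBALS['LOCAL_LANG'])) {
			$languageService->includeLLFile('EXT:lang/locallang_tsfe.xlf');
			if (!isset($GLOBALS['LOCAL_LANG']) || !is_array($GLOBALS['LOCAL_LANG'])) {
				$GLOBALS['LOCAL_LANG'] = array();
			}
		}
		// HTML-escape first, then turn remaining non-ASCII UTF-8 characters into entities
		// (label string in the default backend output charset).
		$label = htmlspecialchars($languageService->getLL($key));
		return $languageService->csConvObj->utf8_to_entities($label);
	}

	/**
	 * @return LanguageService
	 */
	protected function getLanguageService() {
		return $GLOBALS['LANG'];
	}

}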