1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 1999-2003 Kasper Skårhøj (kasper@typo3.com)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27 /**
28 * Contains class for TYPO3 backend user authentication
29 *
30 * $Id$
31 *
32 * Revised for TYPO3 3.6 July/2003 by Kasper Skårhøj
33 *
34 * @author Kasper Skårhøj <kasper@typo3.com>
35 * @package TYPO3
36 * @subpackage t3lib
37 * @internal
38 */
39 /**
40 * [CLASS/FUNCTION INDEX of SCRIPT]
41 *
42 *
43 *
44 * 74: class t3lib_beUserAuth extends t3lib_userAuthGroup
45 * 148: function trackBeUser($flag)
46 * 161: function checkLockToIP()
47 * 181: function backendCheckLogin()
48 * 206: function backendSetUC()
49 * 241: function overrideUC()
50 * 251: function resetUC()
51 * 264: function emailAtLogin()
52 * 316: function veriCode()
53 *
54 * TOTAL FUNCTIONS: 8
55 * (This index is automatically created/updated by the extension "extdeveval")
56 *
57 */
68 /**
69 * TYPO3 user authentication, backend
70 * Could technically have been the same class as t3lib_userauthgroup since these two are always used together and only together.
71 * t3lib_userauthgroup contains most of the functions used for checking permissions, authenticating users, setting up the user etc. This class is most interesting in terms of an API for user from outside.
72 * This class contains the configuration of the database fields used plus some functions for the authentication process of backend users.
73 *
74 * @author Kasper Skårhøj <kasper@typo3.com>
75 */
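class t3lib_beUserAuth extends t3lib_userAuthGroup {
	var $session_table = 'be_sessions';		// Table to use for session data.
	var $name = 'be_typo_user';				// Session/Cookie name

	var $user_table = 'be_users';			// Table in database with userdata
	var $username_column = 'username';		// Column for login-name
	var $userident_column = 'password';		// Column for password
	var $userid_column = 'uid';				// Column for user-id
	var $lastLogin_column = 'lastlogin';	// Column for the last-login value (not used within this class)
	var $notifyHeader = 'From: TYPO3 Login notify <no_reply@no_reply.no_reply>';	// Extra header passed to mail() for login notifications

	var $enablecolumns = Array (
		'rootLevel' => 1,
		'deleted' => 'deleted',
		'disabled' => 'disable',
		'starttime' => 'starttime',
		'endtime' => 'endtime'
	);

	var $formfield_uname = 'username';			// formfield with login-name
	var $formfield_uident = 'userident';		// formfield with password
	var $formfield_chalvalue = 'challenge';		// formfield with a unique value which is used to encrypt the password and username
	var $formfield_status = 'login_status';		// formfield with status: *'login', 'logout'
		// Sets the level of security. *'normal' = clear-text. 'challenged' = hashed password/username from form in $formfield_uident. 'superchallenged' = hashed password hashed again with username.
		// NOTE(review): with 'normal' the password is submitted as typed, so that level depends entirely on transport encryption.
	var $security_level = 'challenged';

	var $writeStdLog = 1;			// Decides if the writelog() function is called at login and logout
	var $writeAttemptLog = 1;		// Decides if the writelog() function is called when a login attempt has failed

	var $auth_include = '';			// this is the name of the include-file containing the login form. If not set, login CAN be anonymous. If set login IS needed.

	var $auth_timeout_field = 6000;	// if > 0 : session-timeout in seconds. if false/<0 : no timeout. if string: The string is fieldname from the usertable where the timeout can be found.
	var $lifetime = 0;				// 0 = Session-cookies. If session-cookies, the browser will stop session when the browser is closed. Else it keeps the session for $lifetime seconds.



		// User Config:
	var $uc;

		// User Config Default values:
		/*
			Reserved keys for other storage of session data:
			moduleData
			moduleSessionID
		*/
	var $uc_default = Array (
//		'lang' => 'dk',		// this value will be transferred from $BE_USER->user[lang] if not set...
		'interfaceSetup' => '',	// serialized content that is used to store interface pane and menu positions. Set by the logout.php-script
		'moduleData' => Array(),	// user-data for the modules
		'thumbnailsByDefault' => 0,
		'emailMeAtLogin' => 0,
		'condensedMode' => 0,
		'noMenuMode' => 0,
		'startInTaskCenter' => 0,
		'localFrameEdit' => 0,
		'dontEditInPageModule' => 0,
		'hideSubmoduleIcons' => 0,
		'helpText' => 1,
		'titleLen' => 30,
		'edit_wideDocument' => '0',
		'edit_showFieldHelp' => 'icon',
		'edit_RTE' => '1',
		'edit_docModuleUpload' => '1',
		'disableCMlayers' => 0,
		'navFrameWidth' => '',	// Default is 245 pixels
	);


	/**
	 * If flag is set and the extension 'beuser_tracking' is loaded, this inserts a row into sys_trackbeuser
	 * holding the user id, the current time and the REQUEST_URI of the current script - thus recording which scripts the backend user requests.
	 *
	 * @param	boolean		If set, tracking is attempted.
	 * @return	void
	 * @access private
	 */
	function trackBeUser($flag)	{
		if ($flag && t3lib_extMgm::isLoaded('beuser_tracking'))	{
				// The uid goes into the statement unquoted, so it is forced to an integer first.
			$userId = intval($this->user['uid']);
				// REQUEST_URI is supplied by the client and must never reach the statement unescaped.
				// NOTE(review): addslashes() does not know the connection character set; prefer the database layer's connection-aware escaping where one is available.
			$script = addslashes(t3lib_div::getIndpEnv('REQUEST_URI'));
			$query = 'INSERT INTO sys_trackbeuser (userid,tstamp,script) VALUES ('.$userId.','.time().',"'.$script.'")';
				// Best effort: the result of the insert is not inspected.
			mysql(TYPO3_db,$query);
		}
	}

	/**
	 * If TYPO3_CONF_VARS['BE']['enabledBeUserIPLock'] is enabled and an IP-list is found in the User TSconfig objString "options.lockToIP", then make an IP comparison with REMOTE_ADDR and return the outcome (true/false)
	 *
	 * @return	boolean		True, if IP address validates OK (or no check is done at all)
	 * @access private
	 */
	function checkLockToIP()	{
		global $TYPO3_CONF_VARS;
			// Default is "allowed": the lock only applies when it is enabled AND a list is configured for the user.
		$out=1;
		if ($TYPO3_CONF_VARS['BE']['enabledBeUserIPLock'])	{
			$IPList = $this->getTSConfigVal('options.lockToIP');
			if (trim($IPList))	{
					// NOTE(review): how REMOTE_ADDR is derived is decided inside t3lib_div::getIndpEnv() - confirm what it returns when the backend sits behind a proxy.
				$baseIP = t3lib_div::getIndpEnv('REMOTE_ADDR');
				$out=t3lib_div::cmpIP($baseIP, $IPList);
			}
		}
		return $out;
	}

	/**
	 * Check if user is logged in and if so, call ->fetchGroupData() to load group information and access lists of all kind, further check IP, set the ->uc array and send login-notification email if required.
	 * If no user is logged in, the script exits with an error message unless the constant TYPO3_PROCEED_IF_NO_USER is defined and true.
	 * If the IP lock rejects the request, the script exits with an error message as well.
	 * This function is called right after ->start() in e.g. init.php
	 *
	 * @return	void
	 */
	function backendCheckLogin()	{
		if (!$this->user['uid'])	{
			if (!defined('TYPO3_PROCEED_IF_NO_USER') || !TYPO3_PROCEED_IF_NO_USER)	{
				t3lib_BEfunc::typo3PrintError ('Login-error','No user logged in! Sorry, I can\'t proceed then!<br /><br />(You must have cookies enabled!)',0);
				exit;
			}
		} else {	// ...and if that's the case, call these functions
			$this->fetchGroupData();	//	The groups are fetched and ready for permission checking in this initialization.	Tables.php must be read before this because stuff like the modules has impact in this
			if ($this->checkLockToIP())	{
				$this->backendSetUC();		// Setting the UC array. It's needed with fetchGroupData first, due to default/overriding of values.
				$this->emailAtLogin();		// email at login - if option set.
			} else {
					// NOTE(review): this rejection is not written to any log from here; a request with a valid session from a disallowed address is worth recording for detection.
				t3lib_BEfunc::typo3PrintError ('Login-error','IP locking prevented you from being authorized. Can\'t proceed, sorry.',0);
				exit;
			}
		}
	}

	/**
	 * Initialize the internal ->uc array for the backend user
	 * Will make the overrides if necessary, and write the UC back to the be_users record if changes have happened
	 *
	 * @return	void
	 * @internal
	 */
	function backendSetUC()	{
			// $TYPO3_CONF_VARS is read below; without this declaration it would be an undefined local variable and the configured defaults would be ignored.
		global $TYPO3_CONF_VARS;
			// Flag: set when ->uc was changed and has to be written back.
		$U=0;

			// UC - user configuration is a serialized array inside the userobject
			// NOTE(review): unserialize() is applied to the stored 'uc' column. This is safe only while nothing but ->writeUC() can write that column; verify no other input path stores raw data there.
		$temp_theSavedUC=unserialize($this->user['uc']);		// if there is a saved uc we implement that instead of the default one.
		if (is_array($temp_theSavedUC))	{
			$this->unpack_uc($temp_theSavedUC);
		}
			// Setting defaults if uc is empty
		if (!is_array($this->uc))	{
				// Both sources may be unset; array_merge() needs real arrays.
			$confDefaults = $TYPO3_CONF_VARS['BE']['defaultUC'];
			if (!is_array($confDefaults))	{
				$confDefaults = array();
			}
			$tsDefaults = $this->getTSConfigProp('setup.default');
			if (!is_array($tsDefaults))	{
				$tsDefaults = array();
			}
			$this->uc = array_merge($this->uc_default,$confDefaults,$tsDefaults);	// Candidate for t3lib_div::array_merge() if integer-keys will some day make trouble...
			$this->overrideUC();
			$U=1;
		}
			// If TSconfig is updated, update the defaultUC.
		if ($this->userTSUpdated)	{
			$this->overrideUC();
			$U=1;
		}
			// Setting default lang from be_user record.
		if (!isset($this->uc['lang']))	{
			$this->uc['lang']=$this->user['lang'];
			$U=1;
		}
			// Saving if updated.
		if ($U)	{
			$this->writeUC();	// Method from the t3lib_userauth class.
		}
	}

	/**
	 * Override: Call this function every time the uc is updated.
	 * That is 1) by reverting to default values, 2) in the setup-module, 3) userTS changes (userauthgroup)
	 * Merges the User TSconfig property "setup.override" on top of ->uc.
	 *
	 * @return	void
	 * @internal
	 */
	function overrideUC()	{
		$overrides = $this->getTSConfigProp('setup.override');
			// Nothing configured: leave ->uc as it is instead of merging a non-array.
		if (is_array($overrides))	{
			$current = is_array($this->uc) ? $this->uc : array();
			$this->uc = array_merge($current,$overrides);	// Candidate for t3lib_div::array_merge() if integer-keys will some day make trouble...
		}
	}

	/**
	 * Clears the user[uc] and ->uc to blank strings. Then calls ->backendSetUC() to fill it again with reset contents
	 *
	 * @return	void
	 * @internal
	 */
	function resetUC()	{
		$this->user['uc']='';
		$this->uc='';
		$this->backendSetUC();
	}

	/**
	 * Will send an email notification to warning_email_addr/the login users email address when a login session is just started.
	 * The warning address is notified when TYPO3_CONF_VARS['BE']['warning_mode'] has bit 1 set (all logins) or bit 2 set and the user is admin.
	 * The user is notified when the 'emailMeAtLogin' setting in ->uc is set and the user record holds an address containing "@".
	 *
	 * @return	void
	 * @access private
	 */
	function emailAtLogin()	{
		if ($this->loginSessionStarted)	{
				// Send notify-mail
			$subject = 'At "'.$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'].'"'.
						' from '.t3lib_div::getIndpEnv('REMOTE_ADDR').
						(t3lib_div::getIndpEnv('REMOTE_HOST') ? ' ('.t3lib_div::getIndpEnv('REMOTE_HOST').')' : '');
				// The subject becomes a mail header and carries environment values (REMOTE_HOST among them); line breaks are removed so it cannot add header lines.
			$subject = str_replace(array("\r","\n"),' ',$subject);
			$msg = sprintf ('User "%s" logged in from %s (%s) at "%s" (%s)',
				$this->user['username'],
				t3lib_div::getIndpEnv('REMOTE_ADDR'),
				t3lib_div::getIndpEnv('REMOTE_HOST'),
				$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'],
				t3lib_div::getIndpEnv('HTTP_HOST')
			);

				// Warning email address
			if ($GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr'])	{
				$warn=0;
				$prefix='';
				$warningMode = intval($GLOBALS['TYPO3_CONF_VARS']['BE']['warning_mode']);
				if ($warningMode & 1)	{	// first bit: All logins
					$warn=1;
					$prefix= $this->isAdmin() ? '[AdminLoginWarning]' : '[LoginWarning]';
				}
				if ($this->isAdmin() && ($warningMode & 2))	{	// second bit: Only admin-logins
					$warn=1;
					$prefix='[AdminLoginWarning]';
				}
				if ($warn)	{
					mail($GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr'],
						$prefix.' '.$subject,
						$msg,
						$this->notifyHeader
					);
				}
			}

				// If an email should be sent to the current user, do that.
				// The address comes from the user record; one containing a line break is not used as a recipient.
			$userEmail = $this->user['email'];
			if ($this->uc['emailMeAtLogin'] && strstr($userEmail,'@') && !preg_match('/[\r\n]/',$userEmail))	{
				mail($userEmail,
					$subject,
					$msg,
					$this->notifyHeader
				);
			}
		}
	}

	/**
	 * VeriCode returns 10 first chars of a md5 hash of ->id (the session cookie value) AND the encryptionKey from TYPO3_CONF_VARS.
	 * This code is used as an alternative verification when the JavaScript interface executes cmd's to tce_db.php from eg. MSIE 5.0 because the proper referer is not passed with this browser...
	 *
	 * The value stays the same for as long as ->id and the encryptionKey stay the same, and it is 10 hex characters (40 bits) long.
	 * NOTE(review): with an empty encryptionKey the code is derived from ->id alone - confirm installations set a key.
	 *
	 * @return	string		10 character hexadecimal string
	 */
	function veriCode()	{
		return substr(md5($this->id.$GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']),0,10);
	}
}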
// XCLASS hook: when TYPO3_MODE is defined and the configuration names an extension file for this script, that file is included once.
// The path is taken from $TYPO3_CONF_VARS as-is, so whoever can change that configuration decides which code is loaded on top of the backend authentication class.
if (defined('TYPO3_MODE'))	{
	if ($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_beuserauth.php'])	{
		include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_beuserauth.php']);
	}
}
329 ?>