2 /***************************************************************
5 * (c) 2004-2009 René Fritz <r.fritz@colorcube.de>
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
28 * Service 'User authentication' for the 'sv' extension.
30 * @author René Fritz <r.fritz@colorcube.de>
33 * [CLASS/FUNCTION INDEX of SCRIPT]
37 * 56: class tx_sv_auth extends tx_sv_authbase
38 * 64: function getUser()
39 * 89: function authUser($user)
40 * 129: function getGroups($user, $knownGroups)
43 * (This index is automatically created/updated by the extension "extdeveval")
50 * Authentication services class
52 * @author René Fritz <r.fritz@colorcube.de>
56 class tx_sv_auth
extends tx_sv_authbase
{
60 * Find a user (eg. look up the user record in database when a login is sent)
62 * @return mixed user array or false
67 if ($this->login
['status']=='login' && $this->login
['uident']) {
69 $user = $this->fetchUserRecord($this->login
['uname']);
71 if(!is_array($user)) {
72 // Failed login attempt (no username found)
73 $this->writelog(255,3,3,2,
74 "Login-attempt from %s (%s), username '%s' not found!!",
75 Array($this->authInfo
['REMOTE_ADDR'], $this->authInfo
['REMOTE_HOST'], $this->login
['uname'])); // Logout written to log
77 sprintf( "Login-attempt from %s (%s), username '%s' not found!", $this->authInfo
['REMOTE_ADDR'], $this->authInfo
['REMOTE_HOST'], $this->login
['uname'] ),
82 if ($this->writeDevLog
) t3lib_div
::devLog('User found: '.t3lib_div
::arrayToLogString($user, array($this->db_user
['userid_column'],$this->db_user
['username_column'])), 'tx_sv_auth');
89 * Authenticate a user (Check various conditions for the user that might invalidate its authentication, eg. password match, domain, IP, etc.)
91 * @param array Data of user.
94 function authUser($user) {
97 if ($this->login
['uident'] && $this->login
['uname']) {
99 // Checking password match for user:
100 $OK = $this->compareUident($user, $this->login
);
103 // Failed login attempt (wrong password) - write that to the log!
104 if ($this->writeAttemptLog
) {
105 $this->writelog(255,3,3,1,
106 "Login-attempt from %s (%s), username '%s', password not accepted!",
107 Array($this->authInfo
['REMOTE_ADDR'], $this->authInfo
['REMOTE_HOST'], $this->login
['uname']));
109 sprintf( "Login-attempt from %s (%s), username '%s', password not accepted!", $this->authInfo
['REMOTE_ADDR'], $this->authInfo
['REMOTE_HOST'], $this->login
['uname'] ),
114 if ($this->writeDevLog
) t3lib_div
::devLog('Password not accepted: '.$this->login
['uident'], 'tx_sv_auth', 2);
117 // Checking the domain (lockToDomain)
118 if ($OK && $user['lockToDomain'] && $user['lockToDomain']!=$this->authInfo
['HTTP_HOST']) {
119 // Lock domain didn't match, so error:
120 if ($this->writeAttemptLog
) {
121 $this->writelog(255,3,3,1,
122 "Login-attempt from %s (%s), username '%s', locked domain '%s' did not match '%s'!",
123 Array($this->authInfo
['REMOTE_ADDR'], $this->authInfo
['REMOTE_HOST'], $user[$this->db_user
['username_column']], $user['lockToDomain'], $this->authInfo
['HTTP_HOST']));
125 sprintf( "Login-attempt from %s (%s), username '%s', locked domain '%s' did not match '%s'!", $this->authInfo
['REMOTE_ADDR'], $this->authInfo
['REMOTE_HOST'], $user[$this->db_user
['username_column']], $user['lockToDomain'], $this->authInfo
['HTTP_HOST'] ),
138 * Find usergroup records, currently only for frontend
140 * @param array Data of user.
141 * @param array Group data array of already known groups. This is handy if you want select other related groups. Keys in this array are unique IDs of those groups.
142 * @return mixed Groups array, keys = uid which must be unique
144 function getGroups($user, $knownGroups) {
145 global $TYPO3_CONF_VARS;
147 $groupDataArr = array();
149 if($this->mode
=='getGroupsFE') {
152 if (is_array($user) && $user[$this->db_user
['usergroup_column']]) {
153 $groupList = $user[$this->db_user
['usergroup_column']];
155 $this->getSubGroups($groupList,'',$groups);
158 // ADD group-numbers if the IPmask matches.
159 if (is_array($TYPO3_CONF_VARS['FE']['IPmaskMountGroups'])) {
160 foreach($TYPO3_CONF_VARS['FE']['IPmaskMountGroups'] as $IPel) {
161 if ($this->authInfo
['REMOTE_ADDR'] && $IPel[0] && t3lib_div
::cmpIP($this->authInfo
['REMOTE_ADDR'],$IPel[0])) {$groups[]=intval($IPel[1]);}
165 $groups = array_unique($groups);
167 if (count($groups)) {
168 $list = implode(',',$groups);
170 if ($this->writeDevLog
) t3lib_div
::devLog('Get usergroups with id: '.$list, 'tx_sv_auth');
172 $lockToDomain_SQL = ' AND (lockToDomain=\'\' OR lockToDomain IS NULL OR lockToDomain=\''.$this->authInfo
['HTTP_HOST'].'\')';
173 if (!$this->authInfo
['showHiddenRecords']) $hiddenP = 'AND hidden=0 ';
174 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', $this->db_groups
['table'], 'deleted=0 '.$hiddenP.' AND uid IN ('.$list.')'.$lockToDomain_SQL);
175 while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
176 $groupDataArr[$row['uid']] = $row;
178 if ($res) $GLOBALS['TYPO3_DB']->sql_free_result($res);
181 if ($this->writeDevLog
) t3lib_div
::devLog('No usergroups found.', 'tx_sv_auth', 2);
183 } elseif ($this->mode
=='getGroupsBE') {
185 # Get the BE groups here
186 # still needs to be implemented in t3lib_userauthgroup
189 return $groupDataArr;
193 * Fetches subgroups of groups. Function is called recursively for each subgroup.
194 * Function was previously copied from t3lib_userAuthGroup->fetchGroups and has been slightly modified.
196 * @param string Commalist of fe_groups uid numbers
197 * @param string List of already processed fe_groups-uids so the function will not fall into a eternal recursion.
201 function getSubGroups($grList, $idList='', &$groups) {
203 // Fetching records of the groups in $grList (which are not blocked by lockedToDomain either):
204 $lockToDomain_SQL = ' AND (lockToDomain=\'\' OR lockToDomain IS NULL OR lockToDomain=\''.$this->authInfo
['HTTP_HOST'].'\')';
205 if (!$this->authInfo
['showHiddenRecords']) $hiddenP = 'AND hidden=0 ';
206 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('uid,subgroup', 'fe_groups', 'deleted=0 '.$hiddenP.' AND uid IN ('.$grList.')'.$lockToDomain_SQL);
208 $groupRows = array(); // Internal group record storage
210 // The groups array is filled
211 while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
212 if(!in_array($row['uid'], $groups)) { $groups[] = $row['uid']; }
213 $groupRows[$row['uid']] = $row;
216 // Traversing records in the correct order
217 $include_staticArr = t3lib_div
::intExplode(',', $grList);
218 foreach($include_staticArr as $uid) { // traversing list
221 $row=$groupRows[$uid];
222 if (is_array($row) && !t3lib_div
::inList($idList,$uid)) { // Must be an array and $uid should not be in the idList, because then it is somewhere previously in the grouplist
224 // Include sub groups
225 if (trim($row['subgroup'])) {
226 $theList = implode(',',t3lib_div
::intExplode(',',$row['subgroup'])); // Make integer list
227 $this->getSubGroups($theList, $idList.','.$uid, $groups); // Call recursively, pass along list of already processed groups so they are not recursed again.
236 if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE
]['XCLASS']['ext/sv/class.tx_sv_auth.php']) {
237 include_once($TYPO3_CONF_VARS[TYPO3_MODE
]['XCLASS']['ext/sv/class.tx_sv_auth.php']);