Updated copyright notices to show "2004"
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 1999-2004 Kasper Skaarhoj (kasper@typo3.com)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27 /**
28 * Contains a base class for authentication of users in TYPO3, both frontend and backend.
29 *
30 * $Id$
31 * Revised for TYPO3 3.6 July/2003 by Kasper Skaarhoj
32 *
33 * @author Kasper Skaarhoj <kasper@typo3.com>
34 */
35 /**
36 * [CLASS/FUNCTION INDEX of SCRIPT]
37 *
38 *
39 *
40 * 85: class t3lib_userAuth
41 * 153: function start()
42 * 246: function check_authentication()
43 * 386: function redirect()
44 * 399: function logoff()
45 * 411: function gc()
46 * 422: function user_where_clause()
47 * 438: function writeUC($variable='')
48 * 461: function writelog($type,$action,$error,$details_nr,$details,$data,$tablename,$recuid,$recpid)
49 * 470: function checkLogFailures()
50 * 479: function unpack_uc($theUC='')
51 * 495: function pushModuleData($module,$data,$noSave=0)
52 * 508: function getModuleData($module,$type='')
53 * 521: function getSessionData($key)
54 * 534: function setAndSaveSessionData($key,$data)
55 * 553: function setBeUserByUid($uid)
56 * 567: function setBeUserByName($name)
57 *
58 * TOTAL FUNCTIONS: 16
59 * (This index is automatically created/updated by the extension "extdeveval")
60 *
61 */
73 /**
74 * Authentication of users in TYPO3
75 *
76 * This class is used to authenticate a login user.
77 * The class is used by both the frontend and backend. In both cases this class is a parent class to beuserauth and feuserauth
78 *
79 * See Inside TYPO3 for more information about the API of the class and internal variables.
80 *
81 * @author Kasper Skaarhoj <kasper@typo3.com>
82 * @package TYPO3
83 * @subpackage t3lib
84 */
85 class t3lib_userAuth {
86 var $global_database = ''; // Which global database to connect to
87 var $session_table = ''; // Table to use for session data.
88 var $name = ''; // Session/Cookie name
89 var $get_name = ''; // Session/GET-var name
90
91 var $user_table = ''; // Table in database with userdata
92 var $username_column = ''; // Column for login-name
93 var $userident_column = ''; // Column for password
94 var $userid_column = ''; // Column for user-id
95 var $lastLogin_column = ''; // Column updated with the login time on a successful login (see check_authentication()); empty = not updated
96
97 var $enablecolumns = Array (
98 'rootLevel' => '', // Boolean: If true, 'AND pid=0' will be a part of the query...
99 'disabled' => '', // Column name; if set, user_where_clause() adds ' AND NOT <column>'
100 'starttime' => '', // Column name; if set, user_where_clause() requires <column> <= time()
101 'endtime' => '', // Column name; if set, user_where_clause() requires <column> = 0 or <column> > time()
102 'deleted' => '' // Column name; if set, user_where_clause() adds ' AND NOT <column>'
103 );
104
105 var $formfield_uname = ''; // formfield with login-name
106 var $formfield_uident = ''; // formfield with password
107 var $formfield_chalvalue = ''; // formfield with a unique value which is used to encrypt the password and username
108 var $formfield_status = ''; // formfield with status: *'login', 'logout'. If empty login is not verified.
109 var $security_level = ''; // sets the level of security. *'normal' = clear-text. 'challenged' = hashed password/username from form in $formfield_uident. 'superchallenged' = hashed password hashed again with username. NOTE(review): in 'normal' mode check_authentication() compares the submitted value directly with the stored column, so the stored password is clear-text as well. Both challenged modes run the same md5(username:stored value:challenge) comparison in this class.
110
111 var $auth_include = ''; // this is the name of the include-file containing the login form. If not set, login CAN be anonymous. If set login IS needed.
112
113 var $auth_timeout_field = 0; // if > 0 : session-timeout in seconds. if false/<0 : no timeout. if string: The string is fieldname from the usertable where the timeout can be found. NOTE(review): start() only accepts a session when the resolved timeout is > 0; a value of 0 or below logs the session off there - confirm the "no timeout" wording against the caller.
114 var $lifetime = 0; // 0 = Session-cookies. If session-cookies, the browser will stop session when the browser is closed. Else it keeps the session for $lifetime seconds.
115 var $gc_time = 24; // GarbageCollection. Purge all session data older than $gc_time hours.
116 var $gc_probability = 1; // Possibility (in percent) for GarbageCollection to be run.
117 var $writeStdLog = 0; // Decides if the writelog() function is called at login and logout
118 var $writeAttemptLog = 0; // If the writelog() function is called when a login-attempt has been tried without success
119 var $sendNoCacheHeaders = 1; // If this is set, headers are sent to assure that caching is NOT done
120 var $getFallBack = 0; // If this is set, authentication is also accepted by the HTTP_GET_VARS. Notice that the identification is NOT 128bit MD5 hash but reduced. This is done in order to minimize the size for mobile-devices, such as WAP-phones. NOTE(review): a session id carried in the URL ends up in server logs, browser history, Referer headers and shared links.
121 var $hash_length = 32; // The ident-hash is normally 32 characters and should be! But if you are making sites for WAP-devices or other low-bandwidth stuff, you may shorten the length. Never let this value drop below 6. A length of 6 would give you more than 16 mio possibilities. NOTE(review): 6 hex characters is only 24 bits of session id, which is small enough to be guessed online; keep 32 unless the client truly cannot carry it.
122 var $getMethodEnabled = 0; // Setting this flag true lets user-authentication happen from GET_VARS if POST_VARS are not set. Thus you may supply username/password from the URL. NOTE(review): credentials in a URL are recorded in logs, history and Referer headers, and check_authentication() skips its referer-host check when this flag is set.
123
124 var $warningEmail = ''; // warning -emailaddress:
125 var $warningPeriod = 3600; // Period back in time (in seconds) in which number of failed logins are collected
126 var $warningMax = 3; // The maximum accepted number of warnings before an email is sent
127 var $checkPid=1; // If set, the user-record must have $checkPid_value as pid
128 var $checkPid_value=0; // The pid, the user-record must have as page-id
129
130 // Internals
131 var $id; // Internal: Will contain session_id (MD5-hash)
132 var $cookieId; // Internal: Will contain the session_id gotten from cookie or GET method. This is used in statistics as a reliable cookie (one which is known to come from HTTP_COOKIE_VARS).
133 var $loginSessionStarted = 0; // Will be set to 1 if the login session is actually written during auth-check.
134
135 var $user; // Internal: Will contain user- AND session-data from database (joined tables)
136 var $get_URL_ID = ''; // Internal: Will be set to the URL-ready (eg. '&login=ab7ef8d...') GET-auth-var if getFallBack is true. Should be inserted in links!
137
138 var $forceSetCookie=0; // Will force the session cookie to be set every time (lifetime must be 0)
139 var $dontSetCookie=0; // Will prevent the setting of the session cookie (takes precedence over forceSetCookie).
140
141
142 /**
143 * Starts a user session
144 * Typical configurations will:
145 * a) check if session cookie was set and if not, set one,
146 * b) check if a password/username was sent and if so, try to authenticate the user
147 * c) Lookup a session attached to a user and check timeout etc.
148 * d) Garbage collection, setting of no-cache headers.
149 * If a user is authenticated the database record of the user (array) will be set in the ->user internal variable.
150 *
151 * @return void
152 */
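function start() {
	// Starts (or resumes) the session for this request: resolves the session id,
	// sets the cookie, processes a submitted login/logout, loads the user that
	// belongs to the session, enforces the timeout and finally sends no-cache
	// headers and occasionally runs garbage collection. Returns nothing; the
	// authenticated user record (if any) ends up in ->user.
	global $HTTP_COOKIE_VARS, $HTTP_GET_VARS;

		// Init vars.
	$mode = '';
	$new_id = false;	// Default: not a new session
	$id = isset($HTTP_COOKIE_VARS[$this->name]) ? $HTTP_COOKIE_VARS[$this->name] : '';	// Session id from the cookie, or '' which will start a new session
	$this->hash_length = t3lib_div::intInRange($this->hash_length,6,32);

		// If fallback to get mode....
	if (!$id && $this->getFallBack && $this->get_name) {
		$id = isset($HTTP_GET_VARS[$this->get_name]) ? $HTTP_GET_VARS[$this->get_name] : '';
		if (strlen($id)!=$this->hash_length) $id='';
		$mode='get';
	}

		// The id comes straight from the client and is interpolated into several SQL
		// statements below (and in logoff()/check_authentication()). Ids issued by this
		// method are always 6..32 lowercase hex characters (a prefix of an md5 hash), so
		// anything else is discarded and treated as "no session". The D modifier stops
		// '$' from accepting a trailing newline.
	if ($id && (!is_string($id) || !preg_match('/^[0-9a-f]{6,32}$/D', $id))) {
		$id = '';
	}
	$this->cookieId = $id;

	if (!$id) {	// If new session...
			// NOTE(review): uniqid() is derived from the current time, so ids produced here
			// are guessable by someone who knows roughly when the session began. A
			// CSPRNG-backed id is the right source where the runtime offers one.
		$id = substr(md5(uniqid('')),0,$this->hash_length);
		$new_id = true;
	}
		// Internal var 'id' is set
	$this->id = $id;
	if ($mode=='get' && $this->getFallBack && $this->get_name) {	// If fallback to get mode....
		$this->get_URL_ID = '&'.$this->get_name.'='.$id;
	}
	$this->user = '';	// Make certain that NO user is set initially

		// Setting cookies
		// NOTE(review): a well-formed id sent by the client is adopted even when no session
		// row exists for it, and check_authentication() stores the login under that same id.
		// Issuing a fresh id at login would keep a pre-set id from becoming an authenticated
		// session. The cookie is also set without the secure flag.
	if (($new_id || $this->forceSetCookie) && $this->lifetime==0) {	// Session cookie: only needs to be set once
		if (!$this->dontSetCookie) SetCookie($this->name, $id, 0, '/');
	}
	if ($this->lifetime > 0) {	// Not a session cookie: refresh its expiry on every request
		if (!$this->dontSetCookie) SetCookie($this->name, $id, time()+$this->lifetime, '/');
	}

		// Check to see if anyone has submitted login-information and if so register the user with the session.
	if ($this->formfield_status) {
		$this->check_authentication();
	}
	unset($this->user);	// ->check_authentication() may have written a session record; the user is re-read from the database below

		// The session id is used to find the user: the session table and the user table are joined.
		// In order for this to work, no fields in the user-table should be named 'ses_...'
	$dbres = mysql(TYPO3_db,sprintf('SELECT * FROM %s, %s WHERE ses_id = "%s" AND ses_name = "%s" AND ses_userid = %s %s',
		$this->session_table, $this->user_table, $this->id, $this->name, $this->userid_column, $this->user_where_clause()));

		// Database errors go to the server log instead of the response body: the message can
		// reveal table names and query fragments, and output here would also break the
		// header() calls further down.
	$dbError = mysql_error();
	if ($dbError) {
		error_log('t3lib_userAuth::start(): session lookup failed: '.$dbError);
	}

	if ($this->user = mysql_fetch_assoc($dbres)) {
			// A user was found
		if (is_string($this->auth_timeout_field)) {
			$timeout = intval($this->user[$this->auth_timeout_field]);	// Get timeout from the user table
		} else {
			$timeout = intval($this->auth_timeout_field);	// Get timeout from object
		}
			// Accept the user only if a timeout is configured and the last activity plus the timeout is still in the future.
			// Option later on: We could check that last update was at least x seconds ago in order not to update twice in a row if one script redirects to another...
		if ($timeout>0 && ($GLOBALS['EXEC_TIME'] < ($this->user['ses_tstamp']+$timeout))) {
			$dbres = mysql(TYPO3_db,sprintf('UPDATE %s SET ses_tstamp = "%s" WHERE ses_id = "%s" AND ses_name = "%s"',
				$this->session_table, $GLOBALS['EXEC_TIME'], $this->id, $this->name));
			$this->user['ses_tstamp'] = $GLOBALS['EXEC_TIME'];	// Keep the in-memory record in step with the database
		} else {
			$this->user = '';
			$this->logoff();	// Session expired: delete it
		}
	} else {
		$this->logoff();	// No matching session/user: delete any leftover session row
	}

	$this->redirect();	// If any redirection (inclusion of file) then it will happen in this function

		// Set all possible headers that could ensure that the script is not cached on the client-side
	if ($this->sendNoCacheHeaders) {
		header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
		header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
		header('Expires: 0');
		header('Cache-Control: no-cache, must-revalidate');
		header('Pragma: no-cache');
	}

		// If we're lucky we'll get to clean up old sessions....
	if ((rand()%100) <= $this->gc_probability) {
		$this->gc();
	}
}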
239
240 /**
241 * Checks if a submission of username and password is present
242 *
243 * @return string Returns "login" if login, "logout" if logout, or empty if $F_status was none of these values.
244 * @internal
245 */
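function check_authentication() {
	// Handles a submitted login or logout. Returns 'login' or 'logout' according to the
	// submitted status field, and nothing for any other status value. A successful login
	// writes a session record for ->id; ->user is only set temporarily while checking.
	global $HTTP_POST_VARS, $HTTP_GET_VARS;

		// The values fetched from input variables here are supposed to already BE slashed...
		// NOTE(review): $F_uname goes into the SELECT below exactly as received, so that
		// query is only safe while every entry point really delivers slashed input. Confirm
		// this against the bootstrap code before changing how request variables are prepared.
	if ($this->getMethodEnabled) {
		$F_status = isset($HTTP_POST_VARS[$this->formfield_status]) ? $HTTP_POST_VARS[$this->formfield_status] : $HTTP_GET_VARS[$this->formfield_status];
		$F_uname = isset($HTTP_POST_VARS[$this->formfield_uname]) ? $HTTP_POST_VARS[$this->formfield_uname] : $HTTP_GET_VARS[$this->formfield_uname];
		$F_uident = isset($HTTP_POST_VARS[$this->formfield_uident]) ? $HTTP_POST_VARS[$this->formfield_uident] : $HTTP_GET_VARS[$this->formfield_uident];
		$F_chalvalue = isset($HTTP_POST_VARS[$this->formfield_chalvalue]) ? $HTTP_POST_VARS[$this->formfield_chalvalue] : $HTTP_GET_VARS[$this->formfield_chalvalue];
	} else {
		$F_status = $HTTP_POST_VARS[$this->formfield_status];
		$F_uname = $HTTP_POST_VARS[$this->formfield_uname];
		$F_uident = $HTTP_POST_VARS[$this->formfield_uident];
		$F_chalvalue = $HTTP_POST_VARS[$this->formfield_chalvalue];
	}

	switch ($F_status) {
		case 'login':
				// The login form must have been served by this host, unless GET logins are
				// enabled or the check is switched off in the configuration.
			$refInfo = parse_url(t3lib_div::getIndpEnv('HTTP_REFERER'));
			$httpHost = t3lib_div::getIndpEnv('TYPO3_HOST_ONLY');
			if (!$this->getMethodEnabled && ($httpHost!=$refInfo['host'] && !$GLOBALS['TYPO3_CONF_VARS']['SYS']['doNotCheckReferer'])) {
					// Both host values originate from request headers, so they are HTML-escaped
					// before being written into the error page.
				die('Error: This host address ("'.htmlspecialchars($httpHost).'") and the referer host ("'.htmlspecialchars($refInfo['host']).'") mismatches!<br />'."\n".
					'It\'s possible that the environment variable HTTP_REFERER is not passed to the script because of a proxy.<br />'."\n".
					'The site administrator can disable this check in the configuration (flag: TYPO3_CONF_VARS[SYS][doNotCheckReferer]).');
			}
			if ($F_uident && $F_uname) {
					// Reset this flag
				$loginFailure = 0;

					// delete old user session if any
				$this->logoff();

					// Look up the new user by the username:
				$query = sprintf('SELECT * FROM %s WHERE %s%s = "%s" %s',
								$this->user_table,
								($this->checkPid?'pid IN ('.$this->checkPid_value.') AND ':''),
								$this->username_column, $F_uname, $this->user_where_clause());
				$dbres = mysql(TYPO3_db,$query);

					// Enter, if a user was found:
				if ($tempuser = mysql_fetch_assoc($dbres)) {
						// Internal user record set (temporarily)
					$this->user = $tempuser;

						// Default: not OK - will be set true if password matches in the comparison hereafter
					$OK = false;

						// Check the password. The comparisons are strict (===) on purpose: with ==
						// PHP compares two numeric-looking strings as numbers, so values such as
						// '0e1234...' and '0e9876...' (or '1000' and '1e3') would count as equal.
					switch ($this->security_level) {
						case 'superchallenged':	// If superchallenged the password in the database ($tempuser[$this->userident_column]) must be a md5-hash of the original password.
						case 'challenged':
							if ((string)$F_uident === (string)md5($tempuser[$this->username_column].':'.$tempuser[$this->userident_column].':'.$F_chalvalue)) {
								$OK = true;
							}
						break;
						default:	// normal
							if ((string)$F_uident === (string)$tempuser[$this->userident_column]) {
								$OK = true;
							}
						break;
					}

						// Write session-record in case user was verified OK
					if ($OK) {
							// Checking the domain (lockToDomain)
						if ($this->user['lockToDomain'] && $this->user['lockToDomain']!=t3lib_div::getIndpEnv('HTTP_HOST')) {
								// Lock domain didn't match, so error:
							if ($this->writeAttemptLog) {
								$this->writelog(255,3,3,1,
									"Login-attempt from %s (%s), username '%s', locked domain '%s' did not match '%s'!",
									Array(t3lib_div::getIndpEnv('REMOTE_ADDR'),t3lib_div::getIndpEnv('REMOTE_HOST'),$F_uname,$this->user['lockToDomain'],t3lib_div::getIndpEnv('HTTP_HOST')));
							}
							$loginFailure = 1;
						} else {
								// The loginsession is started.
							$this->loginSessionStarted = 1;

								// Inserting session record:
							$dbres = mysql(TYPO3_db,sprintf("INSERT INTO %s (ses_id, ses_name, ses_userid, ses_tstamp) VALUES ('%s','%s','%s','%s')",
								$this->session_table, $this->id, $this->name, $tempuser[$this->userid_column], $GLOBALS['EXEC_TIME']));

								// Updating column carrying information about last login.
							if ($this->lastLogin_column) {
								$dbres = mysql(TYPO3_db,sprintf("UPDATE %s SET %s='%s' WHERE %s='%s';",
									$this->user_table, $this->lastLogin_column, $GLOBALS['EXEC_TIME'], $this->userid_column, $tempuser[$this->userid_column]));
							}
								// User logged in - write that to the log!
							if ($this->writeStdLog) {
								$this->writelog(255,1,0,1,
									'User %s logged in from %s (%s)',
									Array($this->user['username'],t3lib_div::getIndpEnv('REMOTE_ADDR'),t3lib_div::getIndpEnv('REMOTE_HOST')));
							}
						}
					} else {
							// Failed login attempt (wrong password) - write that to the log!
						if ($this->writeAttemptLog) {
							$this->writelog(255,3,3,1,
								"Login-attempt from %s (%s), username '%s', password not accepted!",
								Array(t3lib_div::getIndpEnv('REMOTE_ADDR'),t3lib_div::getIndpEnv('REMOTE_HOST'),$F_uname));
						}
						$loginFailure = 1;
					}
						// Make sure to clear the user again!!
					unset($this->user);
				} else {
						// Failed login attempt (no username found)
					if ($this->writeAttemptLog) {
						$this->writelog(255,3,3,2,
							"Login-attempt from %s (%s), username '%s' not found!!",
							Array(t3lib_div::getIndpEnv('REMOTE_ADDR'),t3lib_div::getIndpEnv('REMOTE_HOST'),$F_uname));
					}
					$loginFailure = 1;
				}

					// If there were a login failure, check to see if a warning email should be sent:
				if ($loginFailure) {
					$this->checkLogFailures($this->warningEmail, $this->warningPeriod, $this->warningMax);
				}
			}

				// Return "login" - since this was the $F_status
			return 'login';
		case 'logout':
				// Just logout:
			if ($this->writeStdLog) $this->writelog(255,2,0,2,'User %s logged out',Array($this->user['username']));	// Logout written to log
			$this->logoff();

				// Return "logout" - since this was the $F_status
			return 'logout';
	}
}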
379
380 /**
381 * Redirect to somewhere. Obsolete, deprecated etc.
382 *
383 * @return void
384 * @ignore
385 */
function redirect() {
	// Includes the login document and stops the script when no user id is known and an
	// auth URL is configured.
	// NOTE(review): neither ->userid nor ->auth_url is among the properties declared on
	// this class, and the guard tests ->auth_url while the file that gets included is
	// ->auth_include. As written the include only runs if something else sets ->auth_url;
	// confirm the intent before relying on this method to force a login.
	if ($this->userid || !$this->auth_url) {
		return;
	}
	include ($this->auth_include);
	exit;
}
392
393 /**
394 * Log out current user!
395 * Removes the current session record, sets the internal ->user array to a blank string; Thereby the current user (if any) is effectively logged out!
396 *
397 * @return void
398 */
function logoff() {
	// Deletes the session row identified by ->id and ->name, then blanks ->user.
	// Both values are placed into the statement as they are, so the statement is only
	// as safe as whatever assigned ->id.
	$deleteSession = sprintf("DELETE FROM %s WHERE ses_id = '%s' AND ses_name = '%s'",
		$this->session_table, $this->id, $this->name);
	mysql(TYPO3_db,$deleteSession);
	$this->user = '';
}
404
405 /**
406 * Garbage collector, removing old expired sessions.
407 *
408 * @return void
409 * @internal
410 */
function gc() {
	// Removes every session row of this session name whose timestamp is older than
	// ->gc_time hours.
	$oldestAllowed = time()-($this->gc_time*60*60);
	$purge = sprintf("DELETE FROM %s WHERE ses_tstamp < '%s' AND ses_name = '%s'",
		$this->session_table, $oldestAllowed, $this->name);
	mysql(TYPO3_db,$purge);
}
415
416 /**
417 * This returns the where-clause needed to select the user with respect flags like deleted, hidden, starttime, endtime
418 *
419 * @return string
420 * @access private
421 */
function user_where_clause() {
	// Builds the extra WHERE conditions from ->enablecolumns. Each configured entry adds
	// one condition; an empty entry adds nothing. The column names are concatenated
	// unquoted, so they must come from trusted configuration only.
	$columns = $this->enablecolumns;
	$clause = '';

	if ($columns['rootLevel']) {
		$clause .= 'AND pid=0 ';
	}
	if ($columns['disabled']) {
		$clause .= ' AND NOT '.$columns['disabled'];
	}
	if ($columns['deleted']) {
		$clause .= ' AND NOT '.$columns['deleted'];
	}
	if ($columns['starttime']) {
		$clause .= ' AND ('.$columns['starttime'].'<='.time().')';
	}
	if ($columns['endtime']) {
		$clause .= ' AND ('.$columns['endtime'].'=0 OR '.$columns['endtime'].'>'.time().')';
	}

	return $clause;
}
429
430 /**
431 * This writes $variable to the user-record. This is a way of providing session-data.
432 * You can fetch the data again through $this->uc in this class!
433 * If $variable is not an array, $this->uc is saved!
434 *
435 * @param array An array you want to store for the user as session data. If $variable is not supplied (is blank string), the internal variable, ->uc, is stored by default
436 * @return void
437 */
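function writeUC($variable='') {
	// Serializes $variable (or ->uc when $variable is not an array) into the 'uc' column
	// of the current user's record. Does nothing when no user with a uid is loaded.
	if (!is_array($this->user) || !$this->user['uid']) {
		return;
	}
	if (!is_array($variable)) {
		$variable = $this->uc;
	}
		// The uid is placed unquoted into the statement, so it is forced to an integer.
	$query = 'UPDATE '.$this->user_table.' SET uc ="'.addslashes(serialize($variable)).'" where uid='.intval($this->user['uid']);
	mysql(TYPO3_db,$query);
}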
445
446 /**
447 * DUMMY: Writes to log database table (in some extension classes)
448 *
449 * @param integer $type: denotes which module that has submitted the entry. This is the current list: 1=tce_db; 2=tce_file; 3=system (eg. sys_history save); 4=modules; 254=Personal settings changed; 255=login / out action: 1=login, 2=logout, 3=failed login (+ errorcode 3), 4=failure_warning_email sent
450 * @param integer $action: denotes which specific operation that wrote the entry (eg. 'delete', 'upload', 'update' and so on...). Specific for each $type. Also used to trigger update of the interface. (see the log-module for the meaning of each number !!)
451 * @param integer $error: flag. 0 = message, 1 = error (user problem), 2 = System Error (which should not happen), 3 = security notice (admin)
452 * @param integer $details_nr: The message number. Specific for each $type and $action. in the future this will make it possible to translate errormessages to other languages
453 * @param string $details: Default text that follows the message
454 * @param array $data: Data that follows the log. Might be used to carry special information. If an array the first 5 entries (0-4) will be sprintf'ed the details-text...
455 * @param string $tablename: Special field used by tce_main.php. These ($tablename, $recuid, $recpid) holds the reference to the record which the log-entry is about. (Was used in attic status.php to update the interface.)
456 * @param integer $recuid: Special field used by tce_main.php. These ($tablename, $recuid, $recpid) holds the reference to the record which the log-entry is about. (Was used in attic status.php to update the interface.)
457 * @param integer $recpid: Special field used by tce_main.php. These ($tablename, $recuid, $recpid) holds the reference to the record which the log-entry is about. (Was used in attic status.php to update the interface.)
458 * @return void
459 * @see t3lib_userauthgroup::writelog()
460 */
function writelog($type,$action,$error,$details_nr,$details,$data,$tablename,$recuid,$recpid) {
	// Intentionally empty in this base class. check_authentication() calls it with six
	// arguments for login, logout and failed-login events, so nothing is recorded for
	// those events unless a subclass overrides this method.
}
463
464 /**
465 * DUMMY: Check login failures (in some extension classes)
466 *
467 * @return void
468 * @ignore
469 */
function checkLogFailures() {
	// Intentionally empty in this base class. check_authentication() passes
	// ->warningEmail, ->warningPeriod and ->warningMax after a failed login; they are
	// ignored here, so no warning is raised unless a subclass overrides this method.
}
472
473 /**
474 * Sets $theUC as the internal variable ->uc IF $theUC is an array. If $theUC is false, the 'uc' content from the ->user array will be unserialized and restored in ->uc
475 *
476 * @param mixed If an array, then set as ->uc, otherwise load from user record
477 * @return void
478 */
function unpack_uc($theUC='') {
	// Sets ->uc from $theUC when it is an array; when $theUC is empty the 'uc' field of
	// the loaded user record is unserialized and used instead. Anything that is not an
	// array leaves ->uc untouched.
	if (!$theUC) {
			// NOTE(review): unserialize() is only safe on data this application wrote itself
			// (writeUC() is the writer visible in this class). If the column can be filled
			// from anywhere else, treat this call as handling untrusted input.
		$theUC = unserialize($this->user['uc']);
	}
	if (!is_array($theUC)) {
		return;
	}
	$this->uc = $theUC;
}
485
486 /**
487 * Stores data for a module.
488 * The data is stored with the session id so you can even check upon retrieval if the module data is from a previous session or from the current session.
489 *
490 * @param string $module is the name of the module ($MCONF['name'])
491 * @param mixed $data is the data you want to store for that module (array, string, ...)
492 * @param boolean If $noSave is set, then the ->uc array (which carries all kinds of user data) is NOT written immediately, but must be written by some subsequent call.
493 * @return void
494 */
function pushModuleData($module,$data,$noSave=0) {
	// Stores $data for $module in ->uc together with the current session id, and writes
	// ->uc to the user record unless $noSave is set.
	$this->uc['moduleData'][$module] = $data;
	$this->uc['moduleSessionID'][$module] = $this->id;
	if ($noSave) {
		return;
	}
	$this->writeUC();
}
500
501 /**
502 * Gets module data for a module (from a loaded ->uc array)
503 *
504 * @param string $module is the name of the module ($MCONF['name'])
505 * @param string If $type = 'ses' then module data is returned only if it was stored in the current session, otherwise data from a previous session will be returned (if available).
506 * @return mixed The module data if available: $this->uc['moduleData'][$module];
507 */
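function getModuleData($module,$type='') {
	// Returns the data stored for $module in ->uc. With $type = 'ses' the data is returned
	// only if it was stored under the current session id; otherwise nothing is returned.
	//
	// The session ids are compared as strings with ===. Ids are hex strings, and with ==
	// two different ids that both look numeric (for example '0e12...' and '0e98...')
	// would be treated as the same session.
	if ($type!='ses' || (string)$this->uc['moduleSessionID'][$module] === (string)$this->id) {
		return $this->uc['moduleData'][$module];
	}
}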
513
514 /**
515 * Returns the session data stored for $key.
516 * The data will last only for this login session since it is stored in the session table.
517 *
518 * @param string Pointer to an associative key in the session data array which is stored serialized in the field "ses_data" of the session table.
519 * @return mixed
520 */
function getSessionData($key) {
	// Returns the entry $key from the serialized 'ses_data' field of the loaded session.
	// NOTE(review): unserialize() is only safe on data this application wrote itself
	// (setAndSaveSessionData() is the writer visible in this class).
	$sessionData = unserialize($this->user['ses_data']);
	$value = $sessionData[$key];
	return $value;
}
525
526 /**
527 * Sets the session data ($data) for $key and writes all session data (from ->user['ses_data']) to the database.
528 * The data will last only for this login session since it is stored in the session table.
529 *
530 * @param string Pointer to an associative key in the session data array which is stored serialized in the field "ses_data" of the session table.
531 * @param mixed The variable to store in index $key
532 * @return void
533 */
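function setAndSaveSessionData($key,$data) {
	// Sets $data under $key in the session data, keeps the serialized form in
	// ->user['ses_data'] and writes it to the session row of ->user['ses_id'].
	$sesDat = unserialize($this->user['ses_data']);
		// An empty or unreadable 'ses_data' field unserializes to false; start from an
		// empty array instead of assigning an index on a non-array value.
	if (!is_array($sesDat)) {
		$sesDat = array();
	}
	$sesDat[$key] = $data;
	$this->user['ses_data'] = serialize($sesDat);

		// ses_id is read back from the database record, i.e. it is not slashed, so it is
		// escaped here in the same way as the data value.
	$query = 'UPDATE '.$this->session_table.' SET ses_data="'.addslashes($this->user['ses_data']).'" WHERE ses_id="'.addslashes($this->user['ses_id']).'"';
	mysql(TYPO3_db,$query);
}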
541
542 /**
543 * Raw initialization of the be_user with uid=$uid
544 * This will circumvent all login procedures and select a be_users record from the database and set the content of ->user to the record selected. Thus the BE_USER object will appear like if a user was authenticated - however without a session id and the fields from the session table of course.
545 * Will check the users for disabled, start/endtime, etc. ($this->user_where_clause())
546 *
547 * @param integer The UID of the backend user to set in ->user
548 * @return void
549 * @params integer 'uid' of be_users record to select and set.
550 * @internal
551 * @see SC_mod_tools_be_user_index::compareUsers(), SC_mod_user_setup_index::simulateUser(), freesite_admin::startCreate()
552 */
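function setBeUserByUid($uid) {
	// Loads the user record with uid = $uid into ->user without any login procedure and
	// without a session. The conditions from user_where_clause() still apply. Because this
	// bypasses authentication, callers are responsible for deciding who may trigger it.
	$query = sprintf("SELECT * FROM %s WHERE uid='%s' %s", $this->user_table, intval($uid), $this->user_where_clause());
	$dbres = mysql(TYPO3_db,$query);

		// Database errors go to the server log rather than into the page output, where
		// they would expose table names and query fragments.
	$dbError = mysql_error();
	if ($dbError) {
		error_log('t3lib_userAuth::setBeUserByUid(): user lookup failed: '.$dbError);
	}
	$this->user = mysql_fetch_assoc($dbres);
}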
558
559 /**
560 * Raw initialization of the be_user with username=$name
561 *
562 * @param string The username to look up.
563 * @return void
564 * @see t3lib_userAuth::setBeUserByUid()
565 * @internal
566 */
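function setBeUserByName($name) {
	// Loads the user record with username = $name into ->user without any login procedure
	// and without a session. The conditions from user_where_clause() still apply. Because
	// this bypasses authentication, callers are responsible for deciding who may trigger it.
	// $name is escaped here, so it must be passed in unslashed.
	$query = sprintf("SELECT * FROM %s WHERE username='%s' %s", $this->user_table, addslashes($name), $this->user_where_clause());
	$dbres = mysql(TYPO3_db,$query);

		// Database errors go to the server log rather than into the page output, where
		// they would expose table names and query fragments.
	$dbError = mysql_error();
	if ($dbError) {
		error_log('t3lib_userAuth::setBeUserByName(): user lookup failed: '.$dbError);
	}
	$this->user = mysql_fetch_assoc($dbres);
}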
572 }
573
574
575
// XCLASS hook: when the configuration names an extension file for this class, that file
// is included once. The path is taken from $TYPO3_CONF_VARS as it is, so whoever can
// write that configuration decides which code runs here.
if (defined('TYPO3_MODE')) {
	if ($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_userauth.php']) {
		include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_userauth.php']);
	}
}
579 ?>