typo3/sysext/sv/class.tx_sv_auth.php

   1 <?php
   2 /***************************************************************
   3 *  Copyright notice
   4 *
   5 *  (c) 2004-2005 René Fritz <r.fritz@colorcube.de>
   6 *  All rights reserved
   7 *
   8 *  This script is part of the TYPO3 project. The TYPO3 project is
   9 *  free software; you can redistribute it and/or modify
  10 *  it under the terms of the GNU General Public License as published by
  11 *  the Free Software Foundation; either version 2 of the License, or
  12 *  (at your option) any later version.
  13 *
  14 *  The GNU General Public License can be found at
  15 *  http://www.gnu.org/copyleft/gpl.html.
  16 *  A copy is found in the textfile GPL.txt and important notices to the license
  17 *  from the author is found in LICENSE.txt distributed with these scripts.
  18 *
  19 *
  20 *  This script is distributed in the hope that it will be useful,
  21 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  22 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  23 *  GNU General Public License for more details.
  24 *
  25 *  This copyright notice MUST APPEAR in all copies of the script!
  26 ***************************************************************/
  27 /**
  28  * Service 'User authentication' for the 'sv' extension.
  29  *
  30  * @author      René Fritz <r.fritz@colorcube.de>
  31  */
  32 /**
  33  * [CLASS/FUNCTION INDEX of SCRIPT]
  34  *
  35  *
  36  *
  37  *   56: class tx_sv_auth extends tx_sv_authbase
  38  *   64:     function getUser()
  39  *   89:     function authUser($user)
  40  *  129:     function getGroups($user, $knownGroups)
  41  *
  42  * TOTAL FUNCTIONS: 3
  43  * (This index is automatically created/updated by the extension "extdeveval")
  44  *
  45  */
  46
  47
  48
  49 /**
  50  * Authentication services class
  51  *
  52  * @author      René Fritz <r.fritz@colorcube.de>
  53  * @package TYPO3
  54  * @subpackage tx_sv
  55  */
  56 class tx_sv_auth extends tx_sv_authbase         {
  57
  58
  59         /**
  60          * Find a user (eg. look up the user record in database when a login is sent)
  61          *
  62          * @return      mixed           user array or false
  63          */
  64         function getUser()      {
  65                 $user = false;
  66
  67                 if ($this->login['status']=='login' && $this->login['uident'])  {
  68
  69                         $user = $this->fetchUserRecord($this->login['uname']);
  70
  71                         if(!is_array($user)) {
  72                                         // Failed login attempt (no username found)
  73                                 $this->writelog(255,3,3,2,
  74                                         "Login-attempt from %s (%s), username '%s' not found!!",
  75                                         Array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']));  // Logout written to log
  76                         } else {
  77                                 if ($this->writeDevLog)         t3lib_div::devLog('User found: '.t3lib_div::arrayToLogString($user, array($this->db_user['userid_column'],$this->db_user['username_column'])), 'tx_sv_auth');
  78                         }
  79                 }
  80                 return $user;
  81         }
  82
  83         /**
  84          * Authenticate a user (Check various conditions for the user that might invalidate its authentication, eg. password match, domain, IP, etc.)
  85          *
  86          * @param       array           Data of user.
  87          * @return      boolean
  88          */
  89         function authUser($user)        {
  90                 $OK = 100;
  91
  92                 if ($this->login['uident'] && $this->login['uname'])    {
  93
  94                                 // Checking password match for user:
  95                         $OK = $this->compareUident($user, $this->login);
  96
  97                         if(!$OK)     {
  98                                         // Failed login attempt (wrong password) - write that to the log!
  99                                 if ($this->writeAttemptLog) {
 100                                         $this->writelog(255,3,3,1,
 101                                                 "Login-attempt from %s (%s), username '%s', password not accepted!",
 102                                                 Array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']));
 103                                 }
 104                                 if ($this->writeDevLog)         t3lib_div::devLog('Password not accepted: '.$this->login['uident'], 'tx_sv_auth', 2);
 105                         }
 106
 107                                 // Checking the domain (lockToDomain)
 108                         if ($OK && $user['lockToDomain'] && $user['lockToDomain']!=$this->authInfo['HTTP_HOST'])        {
 109                                         // Lock domain didn't match, so error:
 110                                 if ($this->writeAttemptLog) {
 111                                         $this->writelog(255,3,3,1,
 112                                                 "Login-attempt from %s (%s), username '%s', locked domain '%s' did not match '%s'!",
 113                                                 Array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $user[$this->db_user['username_column']], $user['lockToDomain'], $this->authInfo['HTTP_HOST']));
 114                                 }
 115                                 $OK = false;
 116                         }
 117                 }
 118
 119                 return $OK;
 120         }
 121
 122         /**
 123          * Find usergroup records, currently only for frontend
 124          *
 125          * @param       array           Data of user.
 126          * @param       array           Group data array of already known groups. This is handy if you want select other related groups. Keys in this array are unique IDs of those groups.
 127          * @return      mixed           Groups array, keys = uid which must be unique
 128          */
 129         function getGroups($user, $knownGroups) {
 130                 global $TYPO3_CONF_VARS;
 131
 132                 $groupDataArr = array();
 133
 134                 if($this->mode=='getGroupsFE')  {
 135
 136                         $groups = array();
 137                         if (is_array($user) && $user[$this->db_user['usergroup_column']])       {
 138                                 $groupList = $user[$this->db_user['usergroup_column']];
 139                                 $groups = array();
 140                                 $this->getSubGroups($groupList,'',$groups);
 141                         }
 142
 143                                 // ADD group-numbers if the IPmask matches.
 144                         if (is_array($TYPO3_CONF_VARS['FE']['IPmaskMountGroups']))      {
 145                                 foreach($TYPO3_CONF_VARS['FE']['IPmaskMountGroups'] as $IPel)   {
 146                                         if ($this->authInfo['REMOTE_ADDR'] && $IPel[0] && t3lib_div::cmpIP($this->authInfo['REMOTE_ADDR'],$IPel[0]))    {$groups[]=intval($IPel[1]);}
 147                                 }
 148                         }
 149
 150                         $groups = array_unique($groups);
 151
 152                         if (count($groups))     {
 153                                 $list = implode(',',$groups);
 154
 155                                 if ($this->writeDevLog)         t3lib_div::devLog('Get usergroups with id: '.$list, 'tx_sv_auth');
 156
 157                                 $lockToDomain_SQL = ' AND (lockToDomain=\'\' OR lockToDomain IS NULL OR lockToDomain=\''.$this->authInfo['HTTP_HOST'].'\')';
 158                                 if (!$this->authInfo['showHiddenRecords'])      $hiddenP = 'AND hidden=0 ';
 159                                 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', $this->db_groups['table'], 'deleted=0 '.$hiddenP.' AND uid IN ('.$list.')'.$lockToDomain_SQL);
 160                                 while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res))      {
 161                                         $groupDataArr[$row['uid']] = $row;
 162                                 }
 163                                 if ($res)       $GLOBALS['TYPO3_DB']->sql_free_result($res);
 164
 165                         } else {
 166                                 if ($this->writeDevLog)         t3lib_div::devLog('No usergroups found.', 'tx_sv_auth', 2);
 167                         }
 168                 } elseif ($this->mode=='getGroupsBE') {
 169
 170                         # Get the BE groups here
 171                         # still needs to be implemented in t3lib_userauthgroup
 172                 }
 173
 174                 return $groupDataArr;
 175         }
 176
 177         /**
 178          * Fetches subgroups of groups. Function is called recursively for each subgroup.
 179          * Function was previously copied from t3lib_userAuthGroup->fetchGroups and has been slightly modified.
 180          *
 181          * @param       string          Commalist of fe_groups uid numbers
 182          * @param       string          List of already processed fe_groups-uids so the function will not fall into a eternal recursion.
 183          * @return      array
 184          * @access private
 185          */
 186         function getSubGroups($grList, $idList='', &$groups)    {
 187
 188                         // Fetching records of the groups in $grList (which are not blocked by lockedToDomain either):
 189                 $lockToDomain_SQL = ' AND (lockToDomain=\'\' OR lockToDomain IS NULL OR lockToDomain=\''.$this->authInfo['HTTP_HOST'].'\')';
 190                 if (!$this->authInfo['showHiddenRecords'])      $hiddenP = 'AND hidden=0 ';
 191                 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('uid,subgroup', 'fe_groups', 'deleted=0 '.$hiddenP.' AND uid IN ('.$grList.')'.$lockToDomain_SQL);
 192
 193                 $groupRows = array();   // Internal group record storage
 194
 195                         // The groups array is filled
 196                 while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res))      {
 197                         if(!in_array($row['uid'], $groups))     { $groups[] = $row['uid']; }
 198                         $groupRows[$row['uid']] = $row;
 199                 }
 200
 201                         // Traversing records in the correct order
 202                 $include_staticArr = t3lib_div::intExplode(',', $grList);
 203                 foreach($include_staticArr as $uid)     {       // traversing list
 204
 205                                 // Get row:
 206                         $row=$groupRows[$uid];
 207                         if (is_array($row) && !t3lib_div::inList($idList,$uid)) {       // Must be an array and $uid should not be in the idList, because then it is somewhere previously in the grouplist
 208
 209                                         // Include sub groups
 210                                 if (trim($row['subgroup']))     {
 211                                         $theList = implode(',',t3lib_div::intExplode(',',$row['subgroup']));    // Make integer list
 212                                         $this->getSubGroups($theList, $idList.','.$uid, $groups);               // Call recursively, pass along list of already processed groups so they are not recursed again.
 213                                 }
 214                         }
 215                 }
 216         }
 217 }
 218
 219
 220
 221 if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/sv/class.tx_sv_auth.php'])     {
 222         include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/sv/class.tx_sv_auth.php']);
 223 }
 224 ?>