Added feature #9615: Move frontend editing to a system extension.
[Packages/TYPO3.CMS.git] / t3lib / class.t3lib_tsfebeuserauth.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 1999-2008 Kasper Skaarhoj (kasperYYYY@typo3.com)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27 /**
28 * Class for TYPO3 backend user authentication in the TSFE frontend
29 *
30 * $Id$
31 * Revised for TYPO3 3.6 July/2003 by Kasper Skaarhoj
32 * XHTML compliant
33 *
34 * @author Kasper Skaarhoj <kasperYYYY@typo3.com>
35 */
36 /**
37 * [CLASS/FUNCTION INDEX of SCRIPT]
38 *
39 *
40 *
41 * 103: class t3lib_tsfeBeUserAuth extends t3lib_beUserAuth
42 * 129: function extInitFeAdmin()
43 * 154: function extPrintFeAdminDialog()
44 *
45 * SECTION: Creating sections of the Admin Panel
46 * 250: function extGetCategory_preview($out='')
47 * 283: function extGetCategory_cache($out='')
48 * 321: function extGetCategory_publish($out='')
49 * 356: function extGetCategory_edit($out='')
50 * 400: function extGetCategory_tsdebug($out='')
51 * 433: function extGetCategory_info($out='')
52 *
53 * SECTION: Admin Panel Layout Helper functions
54 * 506: function extGetHead($pre)
55 * 526: function extItemLink($pre,$str)
56 * 542: function extGetItem($pre,$element)
57 * 559: function extFw($str)
58 * 568: function ext_makeToolBar()
59 *
60 * SECTION: TSFE BE user Access Functions
61 * 637: function checkBackendAccessSettingsFromInitPhp()
62 * 682: function extPageReadAccess($pageRec)
63 * 693: function extAdmModuleEnabled($key)
64 * 709: function extSaveFeAdminConfig()
65 * 741: function extGetFeAdminValue($pre,$val='')
66 * 783: function extIsAdmMenuOpen($pre)
67 *
68 * SECTION: TSFE BE user Access Functions
69 * 818: function extGetTreeList($id,$depth,$begin=0,$perms_clause)
70 * 849: function extGetNumberOfCachedPages($page_id)
71 *
72 * SECTION: Localization handling
73 * 888: function extGetLL($key)
74 *
75 * SECTION: Frontend Editing
76 * 932: function extIsEditAction()
77 * 954: function extIsFormShown()
78 * 970: function extEditAction()
79 *
80 * TOTAL FUNCTIONS: 25
81 * (This index is automatically created/updated by the extension "extdeveval")
82 *
83 */
84
85
86
87
88
89
90
91
92
93
94
95 /**
96 * TYPO3 backend user authentication in the TSFE frontend.
97 * This includes mainly functions related to the Admin Panel
98 *
99 * @author Kasper Skaarhoj <kasperYYYY@typo3.com>
100 * @package TYPO3
101 * @subpackage t3lib
102 */
103 class t3lib_tsfeBeUserAuth extends t3lib_beUserAuth {
104 /**
105 * Form field with login name.
106 *
107 * @var string
108 */
109 public $formfield_uname = '';
110
111 /**
112 * Form field with password.
113 *
114 * @var string
115 */
116 public $formfield_uident = '';
117
118 /**
119 * Form field with a unique value which is used to encrypt the password and username.
120 *
121 * @var string
122 */
123 public $formfield_chalvalue = '';
124
125 /**
126 * Sets the level of security. *'normal' = clear-text. 'challenged' = hashed password/username.
127 * from form in $formfield_uident. 'superchallenged' = hashed password hashed again with username.
128 *
129 * @var string
130 */
131 public $security_level = '';
132
133 /**
134 * Decides if the writelog() function is called at login and logout.
135 *
136 * @var boolean
137 */
138 public $writeStdLog = false;
139
140 /**
141 * If the writelog() functions is called if a login-attempt has be tried without success.
142 *
143 * @var boolean
144 */
145 public $writeAttemptLog = false;
146
147 /**
148 * This is the name of the include-file containing the login form. If not set, login CAN be anonymous. If set login IS needed.
149 *
150 * @var string
151 */
152 public $auth_include = '';
153
154 /**
155 * Array of page related information (uid, title, depth).
156 *
157 * @var array
158 */
159 public $extPageInTreeInfo = array();
160
161 /**
162 * General flag which is set if the adminpanel should be displayed at all.
163 *
164 * @var boolean
165 */
166 public $extAdmEnabled = false;
167
168 /**
169 * Class for frontend editing.
170 *
171 * @var t3lib_frontendedit
172 */
173 public $frontendEdit = null;
174
175
176 public function initializeFrontendEdit() {
177 $this->extAdminConfig = $this->getTSConfigProp('admPanel');
178
179 if (is_array($this->extAdminConfig['enable.'])) {
180 foreach($this->extAdminConfig['enable.'] as $key => $value) {
181 if ($value) {
182 // @todo Add support for controller switching (ie. TV controller)
183 require_once(PATH_t3lib . 'class.t3lib_frontendedit.php');
184 $classname = 't3lib_frontendedit';
185 $this->frontendEdit = t3lib_div::makeInstance($classname);
186 break;
187 }
188 }
189 }
190 }
191
192 /*****************************************************
193 *
194 * TSFE BE user Access Functions
195 *
196 ****************************************************/
197
198 /**
199 * Implementing the access checks that the typo3/init.php script does before a user is ever logged in.
200 * Used in the frontend.
201 *
202 * @return boolean Returns true if access is OK
203 * @see typo3/init.php, t3lib_beuserauth::backendCheckLogin()
204 */
205 public function checkBackendAccessSettingsFromInitPhp() {
206 global $TYPO3_CONF_VARS;
207
208 // **********************
209 // Check Hardcoded lock on BE:
210 // **********************
211 if ($TYPO3_CONF_VARS['BE']['adminOnly'] < 0) {
212 return false;
213 }
214
215 // **********************
216 // Check IP
217 // **********************
218 if (trim($TYPO3_CONF_VARS['BE']['IPmaskList'])) {
219 if (!t3lib_div::cmpIP(t3lib_div::getIndpEnv('REMOTE_ADDR'), $TYPO3_CONF_VARS['BE']['IPmaskList'])) {
220 return false;
221 }
222 }
223
224
225 // **********************
226 // Check SSL (https)
227 // **********************
228 if (intval($TYPO3_CONF_VARS['BE']['lockSSL']) && $TYPO3_CONF_VARS['BE']['lockSSL'] != 3) {
229 if (!t3lib_div::getIndpEnv('TYPO3_SSL')) {
230 return false;
231 }
232 }
233
234 // Finally a check from t3lib_beuserauth::backendCheckLogin()
235 if (!$TYPO3_CONF_VARS['BE']['adminOnly'] || $this->isAdmin()) {
236 return true;
237 } else {
238 return false;
239 }
240 }
241
242
243 /**
244 * Evaluates if the Backend User has read access to the input page record.
245 * The evaluation is based on both read-permission and whether the page is found in one of the users webmounts. Only if both conditions are true will the function return true.
246 * Read access means that previewing is allowed etc.
247 * Used in index_ts.php
248 *
249 * @param array The page record to evaluate for
250 * @return boolean True if read access
251 */
252 public function extPageReadAccess($pageRec) {
253 return $this->isInWebMount($pageRec['uid']) && $this->doesUserHaveAccess($pageRec, 1);
254 }
255
256 /*****************************************************
257 *
258 * TSFE BE user Access Functions
259 *
260 ****************************************************/
261
262 /**
263 * Generates a list of Page-uid's from $id. List does not include $id itself
264 * The only pages excluded from the list are deleted pages.
265 *
266 * @param integer Start page id
267 * @param integer Depth to traverse down the page tree.
268 * @param integer $begin is an optional integer that determines at which level in the tree to start collecting uid's. Zero means 'start right away', 1 = 'next level and out'
269 * @param string Perms clause
270 * @return string Returns the list with a comma in the end (if any pages selected!)
271 */
272 public function extGetTreeList($id, $depth, $begin=0, $perms_clause) {
273 $depth=intval($depth);
274 $begin=intval($begin);
275 $id=intval($id);
276 $theList='';
277
278 if ($id && $depth > 0) {
279 $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
280 'uid,title',
281 'pages',
282 'pid=' . $id . ' AND doktype IN (' . $GLOBALS['TYPO3_CONF_VARS']['FE']['content_doktypes'] . ') AND deleted=0 AND ' . $perms_clause
283 );
284 while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
285 if ($begin <= 0) {
286 $theList .= $row['uid'].',';
287 $this->extPageInTreeInfo[] = array($row['uid'], htmlspecialchars($row['title'],$depth));
288 }
289 if ($depth > 1) {
290 $theList .= $this->extGetTreeList($row['uid'], $depth-1, $begin-1, $perms_clause);
291 }
292 }
293 }
294 return $theList;
295 }
296
297 /**
298 * Returns the number of cached pages for a page id.
299 *
300 * @param integer The page id.
301 * @return integer The number of pages for this page in the table "cache_pages"
302 */
303 public function extGetNumberOfCachedPages($pageId) {
304 $pageCache = $GLOBALS['typo3CacheManager']->getCache('cache_pages');
305 $pageCacheEntries = $pageCache->findEntriesByTag('pageId_' . (int) $pageId);
306
307 return count($pageCacheEntries);
308 }
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330 /*****************************************************
331 *
332 * Localization handling
333 *
334 ****************************************************/
335
336 /**
337 * Returns the label for key, $key. If a translation for the language set in $this->uc['lang'] is found that is returned, otherwise the default value.
338 * IF the global variable $LOCAL_LANG is NOT an array (yet) then this function loads the global $LOCAL_LANG array with the content of "sysext/lang/locallang_tsfe.php" so that the values therein can be used for labels in the Admin Panel
339 *
340 * @param string Key for a label in the $LOCAL_LANG array of "sysext/lang/locallang_tsfe.php"
341 * @return string The value for the $key
342 */
343 public function extGetLL($key) {
344 global $LOCAL_LANG;
345 if (!is_array($LOCAL_LANG)) {
346 $GLOBALS['LANG']->includeLLFile('EXT:lang/locallang_tsfe.php');
347 #include('./'.TYPO3_mainDir.'sysext/lang/locallang_tsfe.php');
348 if (!is_array($LOCAL_LANG)) {
349 $LOCAL_LANG = array();
350 }
351 }
352
353 $labelStr = htmlspecialchars($GLOBALS['LANG']->getLL($key)); // Label string in the default backend output charset.
354
355 // Convert to utf-8, then to entities:
356 if ($GLOBALS['LANG']->charSet != 'utf-8') {
357 $labelStr = $GLOBALS['LANG']->csConvObj->utf8_encode($labelStr, $GLOBALS['LANG']->charSet);
358 }
359 $labelStr = $GLOBALS['LANG']->csConvObj->utf8_to_entities($labelStr);
360
361 // Return the result:
362 return $labelStr;
363 }
364
365 }
366
367
368 if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_tsfebeuserauth.php']) {
369 include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_tsfebeuserauth.php']);
370 }
371
372 ?>