[BUGFIX] t3lib_BEfunc::getViewDomain() returns wrong or no domain
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 1999-2011 Kasper Skårhøj (kasperYYYY@typo3.com)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27 /**
28 * Class for TYPO3 backend user authentication in the TSFE frontend
29 *
30 * Revised for TYPO3 3.6 July/2003 by Kasper Skårhøj
31 * XHTML compliant
32 *
33 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
34 */
35
36
37 /**
38 * TYPO3 backend user authentication in the TSFE frontend.
39 * This includes mainly functions related to the Admin Panel
40 *
41 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
42 * @package TYPO3
43 * @subpackage t3lib
44 */
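class t3lib_tsfeBeUserAuth extends t3lib_beUserAuth {
	/**
	 * Form field with login name.
	 *
	 * NOTE(review): this and the two following form field names are empty in
	 * this class, which presumably means no login form data is evaluated for
	 * the backend user in the frontend - confirm against the parent class.
	 *
	 * @var string
	 */
	public $formfield_uname = '';

	/**
	 * Form field with password.
	 *
	 * @var string
	 */
	public $formfield_uident = '';

	/**
	 * Form field with a unique value which is used to encrypt the password and username.
	 *
	 * @var string
	 */
	public $formfield_chalvalue = '';

	/**
	 * Sets the level of security. 'normal' = clear-text. 'challenged' = hashed password/username
	 * from form in $formfield_uident. 'superchallenged' = hashed password hashed again with username.
	 *
	 * @var string
	 * @deprecated since 4.7 will be removed in 4.9
	 */
	public $security_level = '';

	/**
	 * Decides if the writelog() function is called at login and logout.
	 *
	 * @var boolean
	 */
	public $writeStdLog = FALSE;

	/**
	 * Decides if the writelog() function is called when a login attempt has been made without success.
	 *
	 * @var boolean
	 */
	public $writeAttemptLog = FALSE;

	/**
	 * Array of page related information (uid, title, depth).
	 * Filled by extGetTreeList(); the title element is already HTML-escaped.
	 *
	 * @var array
	 */
	public $extPageInTreeInfo = array();

	/**
	 * General flag which is set if the adminpanel should be displayed at all.
	 *
	 * @var boolean
	 */
	public $extAdmEnabled = FALSE;

	/**
	 * Instance of the admin panel
	 *
	 * @var tslib_AdminPanel
	 */
	public $adminPanel = NULL;

	/**
	 * Class for frontend editing.
	 *
	 * @var t3lib_frontendedit
	 */
	public $frontendEdit = NULL;

	/**
	 * Initializes the admin panel.
	 *
	 * Reads the 'admPanel' User TSconfig property and, as soon as one entry
	 * below 'enable.' is truthy, creates the admin panel instance and sets
	 * $extAdmEnabled.
	 *
	 * @return void
	 */
	public function initializeAdminPanel() {
			// $extAdminConfig is not declared in this class; it is either declared by a
			// parent class (not visible in this file) or created here as a dynamic property.
		$this->extAdminConfig = $this->getTSConfigProp('admPanel');

			// is_array() keeps a malformed (scalar) 'enable.' value from reaching foreach.
		if (isset($this->extAdminConfig['enable.']) && is_array($this->extAdminConfig['enable.'])) {
			foreach ($this->extAdminConfig['enable.'] as $value) {
				if ($value) {
					$this->adminPanel = t3lib_div::makeInstance('tslib_AdminPanel');
					$this->extAdmEnabled = TRUE;

					break;
				}
			}
		}
	}

	/**
	 * Initializes frontend editing.
	 *
	 * The controller is selected by the Page TSconfig key
	 * TSFE.frontendEditingController (falling back to 'default'), but the class
	 * that gets instantiated is always looked up in
	 * $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS'], so Page TSconfig can only choose
	 * among controllers registered in the installation configuration.
	 *
	 * @return void
	 */
	public function initializeFrontendEdit() {
		if (!isset($this->extAdminConfig['enable.']) || !$this->isFrontendEditingActive()) {
			return;
		}

			// Same rule as in initializeAdminPanel(): one truthy entry is sufficient.
		$moduleEnabled = FALSE;
		if (is_array($this->extAdminConfig['enable.'])) {
			foreach ($this->extAdminConfig['enable.'] as $value) {
				if ($value) {
					$moduleEnabled = TRUE;
					break;
				}
			}
		}
		if (!$moduleEnabled) {
			return;
		}

		$controllerKey = 'default';
		if ($GLOBALS['TSFE'] instanceof tslib_fe) {
				// Grab the Page TSConfig property that determines which controller to use.
			$pageTSConfig = $GLOBALS['TSFE']->getPagesTSconfig();
			if (isset($pageTSConfig['TSFE.']['frontendEditingController'])) {
				$controllerKey = $pageTSConfig['TSFE.']['frontendEditingController'];
			}
		}

			// A key that is not registered yields no controller instead of an
			// undefined-index notice; $frontendEdit then stays NULL.
		$controllerClass = '';
		if (isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tsfebeuserauth.php']['frontendEditingController'][$controllerKey])) {
			$controllerClass = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tsfebeuserauth.php']['frontendEditingController'][$controllerKey];
		}

		if ($controllerClass) {
				// NOTE(review): the second argument FALSE presumably switches off the
				// class prefix check of getUserObj(), so the registered class reference
				// is instantiated as is - confirm against t3lib_div::getUserObj().
			$this->frontendEdit = t3lib_div::getUserObj($controllerClass, FALSE);
		}
	}

	/**
	 * Determines whether frontend editing is currently active.
	 *
	 * Requires the admin panel to be enabled, and then either the 'edit' module
	 * to be enabled and open or the edit icons to be switched on in TSFE.
	 *
	 * @return boolean Whether frontend editing is active
	 */
	public function isFrontendEditingActive() {
			// $this->adminPanel is only set together with $extAdmEnabled, so it must
			// not be dereferenced before this guard.
		if (!$this->extAdmEnabled) {
			return FALSE;
		}

		$editModuleOpen = ($this->adminPanel->isAdminModuleEnabled('edit') && $this->adminPanel->isAdminModuleOpen('edit'));

		return ($editModuleOpen || $GLOBALS['TSFE']->displayEditIcons == 1);
	}

	/**
	 * Delegates to the appropriate view and renders the admin panel content.
	 *
	 * Expects initializeAdminPanel() to have created $this->adminPanel.
	 *
	 * @return string
	 */
	public function displayAdminPanel() {
		return $this->adminPanel->display();
	}

	/**
	 * Determines whether the admin panel is enabled and visible.
	 *
	 * @return boolean Whether the admin panel is enabled and visible
	 */
	public function isAdminPanelVisible() {
			// empty() has the same truthiness rules as the plain boolean test, but
			// does not raise a notice when 'hide' or 'admPanel' is not configured.
		return ($this->extAdmEnabled
			&& empty($this->extAdminConfig['hide'])
			&& !empty($GLOBALS['TSFE']->config['config']['admPanel'])
		);
	}

	/*****************************************************
	 *
	 * TSFE BE user Access Functions
	 *
	 ****************************************************/

	/**
	 * Implementing the access checks that the typo3/init.php script does before a user is ever logged in.
	 * Used in the frontend.
	 *
	 * These checks duplicate the backend entry checks, so a change to the
	 * backend lock, IP mask or SSL handling there has to be mirrored here;
	 * otherwise a backend session could be honoured in the frontend although
	 * the backend itself would refuse it.
	 *
	 * @return boolean Returns TRUE if access is OK
	 * @see typo3/init.php, t3lib_beuserauth::backendCheckLogin()
	 */
	public function checkBackendAccessSettingsFromInitPhp() {

			// **********************
			// Check Hardcoded lock on BE:
			// **********************
		if ($GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'] < 0) {
			return FALSE;
		}

			// **********************
			// Check IP
			// **********************
			// The client address is taken from t3lib_div::getIndpEnv('REMOTE_ADDR');
			// NOTE(review): behind a reverse proxy the value depends on the
			// installation's proxy settings - confirm they are configured, or the
			// mask is matched against the proxy address.
		if (trim($GLOBALS['TYPO3_CONF_VARS']['BE']['IPmaskList'])) {
			if (!t3lib_div::cmpIP(t3lib_div::getIndpEnv('REMOTE_ADDR'), $GLOBALS['TYPO3_CONF_VARS']['BE']['IPmaskList'])) {
				return FALSE;
			}
		}

			// **********************
			// Check SSL (https)
			// **********************
			// Any non-zero lockSSL value except 3 requires an SSL request here.
			// NOTE(review): 3 presumably is the mode that only forces SSL for the
			// login itself - confirm against the lockSSL documentation.
		if (intval($GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSL']) && $GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSL'] != 3) {
			if (!t3lib_div::getIndpEnv('TYPO3_SSL')) {
				return FALSE;
			}
		}

			// Finally a check from t3lib_beuserauth::backendCheckLogin()
		return (bool)$this->isUserAllowedToLogin();
	}

	/**
	 * Evaluates if the Backend User has read access to the input page record.
	 * The evaluation is based on both read-permission and whether the page is found in one of the users webmounts. Only if both conditions are TRUE will the function return TRUE.
	 * Read access means that previewing is allowed etc.
	 * Used in index_ts.php
	 *
	 * @param array $pageRec The page record to evaluate for
	 * @return boolean TRUE if read access
	 */
	public function extPageReadAccess($pageRec) {
			// The mount check runs first; the permission check (bit 1) is only
			// evaluated for pages inside a webmount.
		return $this->isInWebMount($pageRec['uid']) && $this->doesUserHaveAccess($pageRec, 1);
	}

	/*****************************************************
	 *
	 * TSFE BE user page tree and cache functions
	 *
	 ****************************************************/

	/**
	 * Generates a list of Page-uid's from $id. List does not include $id itself
	 * The only pages excluded from the list are deleted pages.
	 *
	 * As a side effect every collected page is appended to $extPageInTreeInfo
	 * as array(uid, HTML-escaped title, depth).
	 *
	 * $perms_clause is concatenated into the WHERE clause unchanged. It must be
	 * a SQL fragment produced by trusted code (such as the permission clause
	 * of the backend user) and never be built from request data. The same holds
	 * for the 'content_doktypes' list, which is read from TYPO3_CONF_VARS.
	 *
	 * NOTE(review): the optional $begin precedes the required $perms_clause, so
	 * the default can never take effect; the signature is kept for callers.
	 *
	 * @param integer $id Start page id
	 * @param integer $depth Depth to traverse down the page tree.
	 * @param integer $begin Determines at which level in the tree to start collecting uid's. Zero means 'start right away', 1 = 'next level and out'
	 * @param string $perms_clause Perms clause
	 * @return string Returns the list with a comma in the end (if any pages selected!)
	 */
	public function extGetTreeList($id, $depth, $begin = 0, $perms_clause) {
		$depth = intval($depth);
		$begin = intval($begin);
		$id = intval($id);
		$theList = '';

		if ($id && $depth > 0) {
			$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
				'uid,title',
				'pages',
				'pid=' . $id . ' AND doktype IN (' . $GLOBALS['TYPO3_CONF_VARS']['FE']['content_doktypes'] . ') AND deleted=0 AND ' . $perms_clause
			);
			while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
				if ($begin <= 0) {
					$theList .= $row['uid'] . ',';
						// $depth is the third array element. Passing it to
						// htmlspecialchars() instead would make it the flags bitmask,
						// so the quote escaping of the title would change with the
						// tree depth and the depth entry would be missing.
					$this->extPageInTreeInfo[] = array($row['uid'], htmlspecialchars($row['title']), $depth);
				}
				if ($depth > 1) {
					$theList .= $this->extGetTreeList($row['uid'], $depth - 1, $begin - 1, $perms_clause);
				}
			}
				// Release the result set of this level once all rows (and their
				// sub-trees) have been processed.
			$GLOBALS['TYPO3_DB']->sql_free_result($res);
		}
		return $theList;
	}

	/**
	 * Returns the number of cached pages for a page id.
	 *
	 * @param integer $pageId The page id.
	 * @return integer The number of pages for this page in the table "cache_pages"
	 */
	public function extGetNumberOfCachedPages($pageId) {
		$pageCache = $GLOBALS['typo3CacheManager']->getCache('cache_pages');
			// The integer cast keeps the cache tag well-formed whatever the caller passes.
		$pageCacheEntries = $pageCache->getByTag('pageId_' . (int)$pageId);
		return count($pageCacheEntries);
	}

	/*****************************************************
	 *
	 * Localization handling
	 *
	 ****************************************************/

	/**
	 * Returns the label for key, $key. If a translation for the language set in $this->uc['lang'] is found that is returned, otherwise the default value.
	 * IF the global variable $LOCAL_LANG is NOT an array (yet) then this function loads the global $LOCAL_LANG array with the content of "sysext/lang/locallang_tsfe.php" so that the values therein can be used for labels in the Admin Panel
	 *
	 * The returned string is already passed through htmlspecialchars() (default
	 * flags) and converted to entities, so callers should output it as is and
	 * not escape it a second time. With the default flags, whether single
	 * quotes are escaped depends on the PHP version; do not rely on it inside
	 * single-quoted attributes.
	 *
	 * @param string $key Key for a label in the $GLOBALS['LOCAL_LANG'] array of "sysext/lang/locallang_tsfe.php"
	 * @return string The value for the $key
	 */
	public function extGetLL($key) {
		if (!is_array($GLOBALS['LOCAL_LANG'])) {
			$GLOBALS['LANG']->includeLLFile('EXT:lang/locallang_tsfe.php');
			if (!is_array($GLOBALS['LOCAL_LANG'])) {
				$GLOBALS['LOCAL_LANG'] = array();
			}
		}

			// Label string in the default backend output charset.
		$labelStr = htmlspecialchars($GLOBALS['LANG']->getLL($key));

			// Convert to utf-8, then to entities:
		if ($GLOBALS['LANG']->charSet != 'utf-8') {
			$labelStr = $GLOBALS['LANG']->csConvObj->utf8_encode($labelStr, $GLOBALS['LANG']->charSet);
		}
		$labelStr = $GLOBALS['LANG']->csConvObj->utf8_to_entities($labelStr);

			// Return the result:
		return $labelStr;
	}

}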
350
351
// XCLASS hook: when the installation configuration registers an extending
// class file for this script, load it once. The included path comes straight
// from TYPO3_CONF_VARS, so whoever can write that configuration can run code
// in every request that loads this class.
if (defined('TYPO3_MODE')) {
	if (isset($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_tsfebeuserauth.php'])) {
		include_once($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_tsfebeuserauth.php']);
	}
}
355
356 ?>