1 <?php
2 namespace TYPO3\CMS\Backend;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Core\Cache\Frontend\FrontendInterface;
18 use TYPO3\CMS\Core\Utility\GeneralUtility;
19 use TYPO3\CMS\Lang\LanguageService;
20
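/**
 * TYPO3 backend user authentication in the TSFE frontend.
 *
 * Mainly provides the functions the Admin Panel and frontend editing need,
 * and repeats the backend access checks for requests that arrive through
 * the frontend.
 */
class FrontendBackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\BackendUserAuthentication {

    /**
     * Form field with login name.
     *
     * @var string
     */
    public $formfield_uname = '';

    /**
     * Form field with password.
     *
     * @var string
     */
    public $formfield_uident = '';

    /**
     * Decides if the writelog() function is called at login and logout.
     *
     * @var bool
     */
    public $writeStdLog = FALSE;

    /**
     * Decides if the writelog() function is called when a login attempt has been tried without success.
     *
     * @var bool
     */
    public $writeAttemptLog = FALSE;

    /**
     * Array of page related information; each entry is array(uid, title, depth).
     * The title is stored HTML-escaped (see extGetTreeList()).
     *
     * @var array
     */
    public $extPageInTreeInfo = array();

    /**
     * General flag which is set if the admin panel is enabled at all.
     *
     * @var bool
     */
    public $extAdmEnabled = FALSE;

    /**
     * @var \TYPO3\CMS\Frontend\View\AdminPanelView Instance of admin panel
     */
    public $adminPanel = NULL;

    /**
     * @var \TYPO3\CMS\Core\FrontendEditing\FrontendEditingController
     */
    public $frontendEdit = NULL;

    /**
     * The user's "admPanel" TSconfig property, as returned by getTSConfigProp().
     *
     * @var array
     */
    public $extAdminConfig = array();

    /**
     * Initializes the admin panel.
     *
     * Reads the "admPanel" TSconfig property and, if at least one entry below
     * "enable." is truthy, creates the admin panel view and sets $extAdmEnabled.
     *
     * @return void
     */
    public function initializeAdminPanel() {
        $this->extAdminConfig = $this->getTSConfigProp('admPanel');
        if ($this->hasEnabledAdminPanelModule()) {
            $this->adminPanel = GeneralUtility::makeInstance(\TYPO3\CMS\Frontend\View\AdminPanelView::class);
            $this->extAdmEnabled = TRUE;
        }
    }

    /**
     * Initializes frontend editing.
     *
     * The controller is chosen by a key taken from Page TSconfig
     * (TSFE.frontendEditingController, falling back to "default"). That key is
     * only used to look up a class in the registry in TYPO3_CONF_VARS, so
     * Page TSconfig selects among registered controllers and cannot name a
     * class directly.
     *
     * @return void
     */
    public function initializeFrontendEdit() {
        if (!isset($this->extAdminConfig['enable.']) || !$this->isFrontendEditingActive()) {
            return;
        }
        if (!$this->hasEnabledAdminPanelModule()) {
            return;
        }

        $controllerKey = 'default';
        if ($GLOBALS['TSFE'] instanceof \TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController) {
            // Grab the Page TSConfig property that determines which controller to use.
            $pageTSConfig = $GLOBALS['TSFE']->getPagesTSconfig();
            if (isset($pageTSConfig['TSFE.']['frontendEditingController'])) {
                $controllerKey = $pageTSConfig['TSFE.']['frontendEditingController'];
            }
        }

        // An unregistered key leaves frontend editing uninitialized, without
        // raising an undefined-index notice on the registry lookup.
        $registryKey = 't3lib/class.t3lib_tsfebeuserauth.php';
        $controllerClass = isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS'][$registryKey]['frontendEditingController'][$controllerKey])
            ? $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS'][$registryKey]['frontendEditingController'][$controllerKey]
            : NULL;
        if ($controllerClass) {
            $this->frontendEdit = GeneralUtility::getUserObj($controllerClass);
        }
    }

    /**
     * Determines whether frontend editing is currently active.
     *
     * Requires the admin panel to be enabled; $this->adminPanel is only
     * dereferenced after that flag has been checked.
     *
     * @return bool Whether frontend editing is active
     */
    public function isFrontendEditingActive() {
        if (!$this->extAdmEnabled) {
            return FALSE;
        }
        return $this->adminPanel->isAdminModuleEnabled('edit')
            || $GLOBALS['TSFE']->displayEditIcons == 1
            || $GLOBALS['TSFE']->displayFieldEditIcons == 1;
    }

    /**
     * Delegates to the appropriate view and renders the admin panel content.
     *
     * @return string
     */
    public function displayAdminPanel() {
        return $this->adminPanel->display();
    }

    /**
     * Determines whether the admin panel is enabled and visible.
     *
     * empty() is used so that a missing "hide" option or a missing
     * config.admPanel setting counts as "not set" instead of raising a notice.
     *
     * @return bool Whether the admin panel is enabled and visible
     */
    public function isAdminPanelVisible() {
        return $this->extAdmEnabled
            && empty($this->extAdminConfig['hide'])
            && !empty($GLOBALS['TSFE']->config['config']['admPanel']);
    }

    /*****************************************************
     *
     * TSFE BE user Access Functions
     *
     ****************************************************/
    /**
     * Implements the access checks that the TYPO3 CMS bootstrap script does before a user is ever logged in.
     * Used in the frontend.
     *
     * Checks, in order: the hardcoded backend lock (BE/adminOnly below zero),
     * the IP mask list (BE/IPmaskList), the SSL requirement (BE/lockSSL) and
     * finally isUserAllowedToLogin(). Any failing check denies access.
     *
     * @return bool Returns TRUE if access is OK
     */
    public function checkBackendAccessSettingsFromInitPhp() {
        $backendSettings = $GLOBALS['TYPO3_CONF_VARS']['BE'];

        // Check Hardcoded lock on BE
        if ($backendSettings['adminOnly'] < 0) {
            return FALSE;
        }
        // Check IP: only enforced when a mask list is configured.
        if (trim($backendSettings['IPmaskList'])) {
            $remoteAddress = GeneralUtility::getIndpEnv('REMOTE_ADDR');
            if (!GeneralUtility::cmpIP($remoteAddress, $backendSettings['IPmaskList'])) {
                return FALSE;
            }
        }
        // Check SSL (https). lockSSL value 3 is exempt from this check.
        // NOTE(review): presumably 3 is the "SSL for the login form only" mode - confirm against the install documentation.
        $lockSsl = (int)$backendSettings['lockSSL'];
        if ($lockSsl && $lockSsl !== 3 && !GeneralUtility::getIndpEnv('TYPO3_SSL')) {
            return FALSE;
        }
        // Finally a check from \TYPO3\CMS\Core\Authentication\BackendUserAuthentication::backendCheckLogin()
        return (bool)$this->isUserAllowedToLogin();
    }

    /**
     * Evaluates if the Backend User has read access to the input page record.
     * The evaluation is based on both read-permission and whether the page is found in one of the users webmounts.
     * Only if both conditions are TRUE will the function return TRUE.
     * Read access means that previewing is allowed etc.
     * Used in index_ts.php
     *
     * @param array $pageRec The page record to evaluate for
     * @return bool TRUE if read access
     */
    public function extPageReadAccess($pageRec) {
        if (!$this->isInWebMount($pageRec['uid'])) {
            return FALSE;
        }
        // The second argument (1) is the permission being asked for; per the description above this is read access.
        return $this->doesUserHaveAccess($pageRec, 1);
    }

    /*****************************************************
     *
     * Page tree and page cache helper functions
     *
     ****************************************************/
    /**
     * Generates a list of Page-uid's from $id. List does not include $id itself
     * The only pages excluded from the list are deleted pages.
     *
     * Each collected page is also appended to $this->extPageInTreeInfo as
     * array(uid, HTML-escaped title, depth).
     *
     * $perms_clause and the configured FE/content_doktypes list are
     * concatenated into the WHERE clause without escaping. Callers must pass
     * only SQL produced by trusted code (a generated permission clause),
     * never anything derived from request data.
     *
     * The default on $begin cannot take effect because a required parameter
     * follows it; the signature is kept unchanged for existing callers.
     *
     * @param int $id Start page id
     * @param int $depth Depth to traverse down the page tree.
     * @param int $begin Is an optional integer that determines at which level in the tree to start collecting uid's. Zero means 'start right away', 1 = 'next level and out'
     * @param string $perms_clause Perms clause (trusted SQL fragment)
     * @return string Returns the list with a comma in the end (if any pages selected!)
     */
    public function extGetTreeList($id, $depth, $begin = 0, $perms_clause) {
        $depth = (int)$depth;
        $begin = (int)$begin;
        $id = (int)$id;
        $theList = '';
        if (!$id || $depth <= 0) {
            return $theList;
        }

        $where = 'pid=' . $id . ' AND doktype IN (' . $GLOBALS['TYPO3_CONF_VARS']['FE']['content_doktypes']
            . ') AND deleted=0 AND ' . $perms_clause;
        $res = $this->db->exec_SELECTquery('uid,title', 'pages', $where);
        while (($row = $this->db->sql_fetch_assoc($res))) {
            if ($begin <= 0) {
                $theList .= $row['uid'] . ',';
                // The depth is the third element of the entry. It was previously passed
                // to htmlspecialchars() as its flags argument, which made the quote
                // escaping of the title vary with the tree depth and left the
                // documented depth element out of the entry.
                $this->extPageInTreeInfo[] = array($row['uid'], htmlspecialchars($row['title']), $depth);
            }
            if ($depth > 1) {
                $theList .= $this->extGetTreeList($row['uid'], $depth - 1, $begin - 1, $perms_clause);
            }
        }
        $this->db->sql_free_result($res);
        return $theList;
    }

    /**
     * Returns the number of cached pages for a page id.
     *
     * @param int $pageId The page id.
     * @return int The number of entries for this page in the cache "cache_pages"
     */
    public function extGetNumberOfCachedPages($pageId) {
        /** @var FrontendInterface $pageCache */
        $pageCache = GeneralUtility::makeInstance(\TYPO3\CMS\Core\Cache\CacheManager::class)->getCache('cache_pages');
        // Entries are looked up by their "pageId_<uid>" tag; the id is cast to int before it goes into the tag.
        return count($pageCache->getByTag('pageId_' . (int)$pageId));
    }

    /*****************************************************
     *
     * Localization handling
     *
     ****************************************************/
    /**
     * Returns the label for key. If a translation for the language set in $this->uc['lang']
     * is found that is returned, otherwise the default value.
     * If the global variable $LOCAL_LANG is NOT an array (yet) then this function loads
     * the global $LOCAL_LANG array with the content of "sysext/lang/locallang_tsfe.xlf"
     * such that the values therein can be used for labels in the Admin Panel
     *
     * The returned label is already HTML-escaped, so callers should not escape it again.
     *
     * @param string $key Key for a label in the $GLOBALS['LOCAL_LANG'] array of "sysext/lang/locallang_tsfe.xlf"
     * @return string The value for the $key
     */
    public function extGetLL($key) {
        $languageService = $this->getLanguageService();
        if (!is_array($GLOBALS['LOCAL_LANG'])) {
            $languageService->includeLLFile('EXT:lang/locallang_tsfe.xlf');
            // Make sure later calls see an array even if the include did not provide one.
            if (!is_array($GLOBALS['LOCAL_LANG'])) {
                $GLOBALS['LOCAL_LANG'] = array();
            }
        }
        // Label string in the default backend output charset.
        $labelStr = htmlspecialchars($languageService->getLL($key));
        return $languageService->csConvObj->utf8_to_entities($labelStr);
    }

    /**
     * Tells whether at least one entry below "enable." of the admin panel
     * configuration is truthy.
     *
     * @return bool
     */
    protected function hasEnabledAdminPanelModule() {
        if (!isset($this->extAdminConfig['enable.'])) {
            return FALSE;
        }
        foreach ($this->extAdminConfig['enable.'] as $value) {
            if ($value) {
                return TRUE;
            }
        }
        return FALSE;
    }

    /**
     * Returns the language service stored in $GLOBALS['LANG'].
     *
     * @return LanguageService
     */
    protected function getLanguageService() {
        return $GLOBALS['LANG'];
    }

}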