Initial revision
[Packages/TYPO3.CMS.git] / t3lib / class.t3lib_userauth.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 1999-2003 Kasper Skårhøj (kasper@typo3.com)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27 /**
28 * Contains a base class for authentication of users in TYPO3, both frontend and backend.
29 *
30 * Revised for TYPO3 3.6 July/2003 by Kasper Skårhøj
31 *
32 * @author Kasper Skårhøj <kasper@typo3.com>
33 * @package TYPO3
34 * @subpackage t3lib
35 */
36 /**
37 * [CLASS/FUNCTION INDEX of SCRIPT]
38 *
39 *
40 *
41 * 84: class t3lib_userAuth
42 * 152: function start()
43 * 245: function check_authentication()
44 * 385: function redirect()
45 * 398: function logoff()
46 * 410: function gc()
47 * 421: function user_where_clause()
48 * 437: function writeUC($variable='')
49 * 460: function writelog($type,$action,$error,$details_nr,$details,$data,$tablename,$recuid,$recpid)
50 * 469: function checkLogFailures()
51 * 478: function unpack_uc($theUC='')
52 * 494: function pushModuleData($module,$data,$noSave=0)
53 * 507: function getModuleData($module,$type='')
54 * 520: function getSessionData($key)
55 * 533: function setAndSaveSessionData($key,$data)
56 * 552: function setBeUserByUid($uid)
57 * 566: function setBeUserByName($name)
58 *
59 * TOTAL FUNCTIONS: 16
60 * (This index is automatically created/updated by the extension "extdeveval")
61 *
62 */
74 /**
75 * Authentication of users in TYPO3
76 *
77 * This class is used to authenticate a login user.
78 * The class is used by both the frontend and backend. In both cases this class is a parent class to beuserauth and feuserauth
79 *
80 * See Inside TYPO3 for more information about the API of the class and internal variables.
81 *
82 * @author Kasper Skårhøj <kasper@typo3.com>
83 */
84 class t3lib_userAuth {
85 var $global_database = ''; // Which global database to connect to
86 var $session_table = ''; // Table to use for session data.
87 var $name = ''; // Session/Cookie name
88 var $get_name = ''; // Session/GET-var name
89
90 var $user_table = ''; // Table in database with userdata
91 var $username_column = ''; // Column for login-name
92 var $userident_column = ''; // Column for password
93 var $userid_column = ''; // Column for user-id
94 var $lastLogin_column = '';
95
96 var $enablecolumns = Array (
97 'rootLevel' => '', // Boolean: If true, 'AND pid=0' will be a part of the query...
98 'disabled' => '',
99 'starttime' => '',
100 'endtime' => '',
101 'deleted' => ''
102 );
103
104 var $formfield_uname = ''; // formfield with login-name
105 var $formfield_uident = ''; // formfield with password
106 var $formfield_chalvalue = ''; // formfield with a unique value which is used to encrypt the password and username
107 var $formfield_status = ''; // formfield with status: *'login', 'logout'. If empty login is not verified.
108 var $security_level = ''; // sets the level of security. *'normal' = clear-text. 'challenged' = hashed password/username from form in $formfield_uident. 'superchallenged' = hashed password hashed again with username.
109
110 var $auth_include = ''; // this is the name of the include-file containing the login form. If not set, login CAN be anonymous. If set login IS needed.
111
112 var $auth_timeout_field = 0; // if > 0 : session-timeout in seconds. if false/<0 : no timeout. if string: The string is fieldname from the usertable where the timeout can be found.
113 var $lifetime = 0; // 0 = Session-cookies. If session-cookies, the browser will stop session when the browser is closed. Else it keeps the session for $lifetime seconds.
114 var $gc_time = 24; // GarbageCollection. Purge all session data older than $gc_time hours.
115 var $gc_probability = 1; // Possibility (in percent) for GarbageCollection to be run.
116 var $writeStdLog = 0; // Decides if the writelog() function is called at login and logout
117 var $writeAttemptLog = 0; // If the writelog() functions is called if a login-attempt has be tried without success
118 var $sendNoCacheHeaders = 1; // If this is set, headers is sent to assure, caching is NOT done
119 var $getFallBack = 0; // If this is set, authentication is also accepted by the HTTP_GET_VARS. Notice that the identification is NOT 128bit MD5 hash but reduced. This is done in order to minimize the size for mobile-devices, such as WAP-phones
120 var $hash_length = 32; // The ident-hash is normally 32 characters and should be! But if you are making sites for WAP-devices og other lowbandwidth stuff, you may shorten the length. Never let this value drop below 6. A length of 6 would give you more than 16 mio possibilities.
121 var $getMethodEnabled = 0; // Setting this flag true lets user-authetication happen from GET_VARS if POST_VARS are not set. Thus you may supply username/password from the URL.
122
123 var $warningEmail = ''; // warning -emailaddress:
124 var $warningPeriod = 3600; // Period back in time (in seconds) in which number of failed logins are collected
125 var $warningMax = 3; // The maximum accepted number of warnings before an email is sent
126 var $checkPid=1; // If set, the user-record must $checkPid_value as pid
127 var $checkPid_value=0; // The pid, the user-record must have as page-id
128
129 // Internals
130 var $id; // Internal: Will contain session_id (MD5-hash)
131 var $cookieId; // Internal: Will contain the session_id gotten from cookie or GET method. This is used in statistics as a reliable cookie (one which is known to come from HTTP_COOKIE_VARS).
132 var $loginSessionStarted = 0; // Will be set to 1 if the login session is actually written during auth-check.
133
134 var $user; // Internal: Will contain user- AND session-data from database (joined tables)
135 var $get_URL_ID = ''; // Internal: Will will be set to the url--ready (eg. '&login=ab7ef8d...') GET-auth-var if getFallBack is true. Should be inserted in links!
136
137 var $forceSetCookie=0; // Will force the session cookie to be set everytime (liftime must be 0)
138 var $dontSetCookie=0; // Will prevent the setting of the session cookie (takes precedence over forceSetCookie.
139
140
141 /**
142 * Starts a user session
143 * Typical configurations will:
144 * a) check if session cookie was set and if not, set one,
145 * b) check if a password/username was sent and if so, try to authenticate the user
146 * c) Lookup a session attached to a user and check timeout etc.
147 * d) Garbage collection, setting of no-cache headers.
148 * If a user is authenticated the database record of the user (array) will be set in the ->user internal variable.
149 *
150 * @return void
151 */
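function start() {
	global $HTTP_COOKIE_VARS, $HTTP_GET_VARS;

		// Resolves the session id (cookie first, optional GET fallback), sets the cookie,
		// processes a submitted login/logout, loads the user joined to the session row,
		// enforces the timeout, and finally sends no-cache headers and runs garbage collection.
		// On success ->user holds the joined session/user record; otherwise it is a blank string.

		// Init vars.
	$mode = '';
	$new_id = false;		// Default: not a new session
	$id = isset($HTTP_COOKIE_VARS[$this->name]) ? $HTTP_COOKIE_VARS[$this->name] : '';
	$this->hash_length = t3lib_div::intInRange($this->hash_length,6,32);

		// The id is client-supplied and is interpolated into the SQL statements below.
		// Ids issued by this class are lowercase hex (a substring of md5()), so anything else is
		// treated as "no id" instead of relying on the request variables having been slashed.
	if ($id && (!is_string($id) || !preg_match('/^[0-9a-f]{1,32}\z/', $id))) {
		$id = '';
	}

		// If fallback to get mode....
	if (!$id && $this->getFallBack && $this->get_name) {
		$id = isset($HTTP_GET_VARS[$this->get_name]) ? $HTTP_GET_VARS[$this->get_name] : '';
		if (!is_string($id) || strlen($id)!=$this->hash_length || !preg_match('/^[0-9a-f]+\z/', $id)) {
			$id = '';
		}
		$mode = 'get';
	}
	$this->cookieId = $id;

	if (!$id) {		// If new session...
			// NOTE(review): uniqid() is derived from the current time, so this id is guessable by
			// design; it should come from a cryptographically secure source where the runtime offers one.
		$id = substr(md5(uniqid('')),0,$this->hash_length);
		$new_id = true;
	}
		// NOTE(review): an id accepted from the client is kept as-is, and check_authentication()
		// inserts the login session under that same id - no new id is issued at login (session fixation).
	$this->id = $id;
	if ($mode=='get' && $this->getFallBack && $this->get_name) {		// If fallback to get mode....
		$this->get_URL_ID = '&'.$this->get_name.'='.$id;
	}
	$this->user = '';		// Make certain that NO user is set initially

		// Setting cookies
		// NOTE(review): the cookie is set with name, value, expiry and path only - no "secure" flag is
		// passed, so it is also sent over plain HTTP.
	if (($new_id || $this->forceSetCookie) && $this->lifetime==0) {		// Session cookie: only needs to be set once
		if (!$this->dontSetCookie)	SetCookie($this->name, $id, 0, '/');
	}
	if ($this->lifetime > 0) {		// Persistent cookie: refreshed on every request
		if (!$this->dontSetCookie)	SetCookie($this->name, $id, time()+$this->lifetime, '/');
	}

		// Check to see if anyone has submitted login-information and if so register the user with the session.
	if ($this->formfield_status) {
		$this->check_authentication();
	}
	unset($this->user);		// ->check_authentication may have written a session record; the user is (re)loaded from it below

		// The session_id is used to find user in the database. Two tables are joined: The session-table with user_id of the session and the usertable with its primary key
		// In order for this to work, no fields in the user-table should be named 'ses_...'
	$dbres = mysql(TYPO3_db,sprintf('SELECT * FROM %s, %s WHERE ses_id = "%s" AND ses_name = "%s" AND ses_userid = %s %s',
		$this->session_table, $this->user_table, $this->id, $this->name, $this->userid_column, $this->user_where_clause()));

		// Database errors go to the server log, not into the response: echoing them discloses
		// schema details to the client and emits output before the header() calls further down.
	$dbError = mysql_error();
	if ($dbError) {
		error_log('t3lib_userAuth::start(): session lookup failed: '.$dbError);
	}

	$this->user = $dbres ? mysql_fetch_assoc($dbres) : false;
	if ($this->user) {
			// A user was found
		if (is_string($this->auth_timeout_field)) {
			$timeout = intval($this->user[$this->auth_timeout_field]);		// Get timeout-time from usertable
		} else {
			$timeout = intval($this->auth_timeout_field);		// Get timeout from object
		}
			// If timeout > 0 (true) and currenttime has not exceeded the latest sessions-time plus the timeout in seconds then accept user
			// Option later on: We could check that last update was at least x seconds ago in order not to update twice in a row if one script redirects to another...
		if ($timeout>0 && ($GLOBALS['EXEC_TIME'] < ($this->user['ses_tstamp']+$timeout))) {
			$dbres = mysql(TYPO3_db,sprintf('UPDATE %s SET ses_tstamp = "%s" WHERE ses_id = "%s" AND ses_name = "%s"',
				$this->session_table, $GLOBALS['EXEC_TIME'], $this->id, $this->name));
			$this->user['ses_tstamp'] = $GLOBALS['EXEC_TIME'];		// Make sure that the timestamp is also updated in the array
		} else {
			$this->user = '';
			$this->logoff();		// delete any user set...
		}
	} else {
		$this->logoff();		// delete any user set...
	}

	$this->redirect();		// If any redirection (inclusion of file) then it will happen in this function

		// Set all possible headers that could ensure that the script is not cached on the client-side
	if ($this->sendNoCacheHeaders) {
		header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
		header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');
		header('Expires: 0');
		header('Cache-Control: no-cache, must-revalidate');
		header('Pragma: no-cache');
	}

		// If we're lucky we'll get to clean up old sessions....
		// rand()%100 yields 0..99, so "<" makes gc_probability a true percentage ("<=" ran one percent too often, and never allowed 0).
	if ((rand()%100) < $this->gc_probability) {
		$this->gc();
	}
}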
238
239 /**
240 * Checks if a submission of username and password is present
241 *
242 * @return string Returns "login" if login, "logout" if logout, or empty if $F_status was none of these values.
243 * @internal
244 */
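function check_authentication() {
	global $HTTP_POST_VARS, $HTTP_GET_VARS;

		// Handles a submitted login or logout, selected by the status form field.
		// Returns 'login' or 'logout' to echo the submitted status; any other status returns nothing.
		// On a verified login a session row is inserted for ->id; ->user is cleared again before returning.

		// The values fetched from input variables here are supposed to already BE slashed...
		// NOTE(review): $F_uname goes into the SELECT below without escaping of its own, so this method
		// is only safe while that assumption holds - confirm where the request variables are slashed.
		// NOTE(review): with getMethodEnabled the username and password may arrive in the URL.
	if ($this->getMethodEnabled) {
		$F_status = isset($HTTP_POST_VARS[$this->formfield_status]) ? $HTTP_POST_VARS[$this->formfield_status] : $HTTP_GET_VARS[$this->formfield_status];
		$F_uname = isset($HTTP_POST_VARS[$this->formfield_uname]) ? $HTTP_POST_VARS[$this->formfield_uname] : $HTTP_GET_VARS[$this->formfield_uname];
		$F_uident = isset($HTTP_POST_VARS[$this->formfield_uident]) ? $HTTP_POST_VARS[$this->formfield_uident] : $HTTP_GET_VARS[$this->formfield_uident];
		$F_chalvalue = isset($HTTP_POST_VARS[$this->formfield_chalvalue]) ? $HTTP_POST_VARS[$this->formfield_chalvalue] : $HTTP_GET_VARS[$this->formfield_chalvalue];
	} else {
		$F_status = $HTTP_POST_VARS[$this->formfield_status];
		$F_uname = $HTTP_POST_VARS[$this->formfield_uname];
		$F_uident = $HTTP_POST_VARS[$this->formfield_uident];
		$F_chalvalue = $HTTP_POST_VARS[$this->formfield_chalvalue];
	}

	switch ($F_status) {
		case 'login':
			$refInfo = parse_url(t3lib_div::getIndpEnv('HTTP_REFERER'));
			$httpHost = t3lib_div::getIndpEnv('TYPO3_HOST_ONLY');
			if (!$this->getMethodEnabled && ($httpHost!=$refInfo['host'] && !$GLOBALS['TYPO3_CONF_VARS']['SYS']['doNotCheckReferer'])) {
					// Both host values come from request headers, so they are HTML-escaped before being printed.
				die('Error: This host address ("'.htmlspecialchars($httpHost).'") and the referer host ("'.htmlspecialchars($refInfo['host']).'") mismatches!<br />
					It\'s possible that the environment variable HTTP_REFERER is not passed to the script because of a proxy.<br />
					The site administrator can disable this check in the configuration (flag: TYPO3_CONF_VARS[SYS][doNotCheckReferer]).');
			}
			if ($F_uident && $F_uname) {
					// Reset this flag
				$loginFailure = 0;

					// delete old user session if any
				$this->logoff();

					// Look up the new user by the username:
				$query = sprintf('SELECT * FROM %s WHERE %s%s = "%s" %s',
					$this->user_table,
					($this->checkPid ? 'pid IN ('.$this->checkPid_value.') AND ' : ''),
					$this->username_column, $F_uname, $this->user_where_clause());
				$dbres = mysql(TYPO3_db,$query);

					// A failed query is treated like "no user found" instead of fetching from an invalid result.
				$tempuser = $dbres ? mysql_fetch_assoc($dbres) : false;

					// Enter, if a user was found:
				if ($tempuser) {
						// Internal user record set (temporarily)
					$this->user = $tempuser;

						// Default: not OK - will be set true if password matches in the comparison hereafter
					$OK = false;

						// check the password
						// The comparisons use ===: with ==, PHP compares two numeric-looking strings as numbers,
						// so different credential strings (e.g. "1e3" and "1000") would be accepted as equal.
						// NOTE(review): the comparison is not constant-time, and in the default branch the stored
						// value is compared as clear text.
					switch ($this->security_level) {
						case 'superchallenged':		// If superchallenged the password in the database ($tempuser[$this->userident_column]) must be a md5-hash of the original password.
						case 'challenged':
							if ((string)$F_uident === (string)md5($tempuser[$this->username_column].':'.$tempuser[$this->userident_column].':'.$F_chalvalue)) {
								$OK = true;
							}
						break;
						default:	// normal
							if ((string)$F_uident === (string)$tempuser[$this->userident_column]) {
								$OK = true;
							}
						break;
					}

						// Write session-record in case user was verified OK
					if ($OK) {
							// Checking the domain (lockToDomain)
						if ($this->user['lockToDomain'] && $this->user['lockToDomain']!=t3lib_div::getIndpEnv('HTTP_HOST')) {
								// Lock domain didn't match, so error:
							if ($this->writeAttemptLog) {
								$this->writelog(255,3,3,1,
									"Login-attempt from %s (%s), username '%s', locked domain '%s' did not match '%s'!",
									Array(t3lib_div::getIndpEnv('REMOTE_ADDR'),t3lib_div::getIndpEnv('REMOTE_HOST'),$F_uname,$this->user['lockToDomain'],t3lib_div::getIndpEnv('HTTP_HOST')));
							}
							$loginFailure = 1;
						} else {
								// The loginsession is started.
							$this->loginSessionStarted = 1;

								// Inserting session record:
							$dbres = mysql(TYPO3_db,sprintf("INSERT INTO %s (ses_id, ses_name, ses_userid, ses_tstamp) VALUES ('%s','%s','%s','%s')",
								$this->session_table, $this->id, $this->name, $tempuser[$this->userid_column], $GLOBALS['EXEC_TIME']));

								// Updating column carrying information about last login.
							if ($this->lastLogin_column) {
								$dbres = mysql(TYPO3_db,sprintf("UPDATE %s SET %s='%s' WHERE %s='%s';",
									$this->user_table, $this->lastLogin_column, $GLOBALS['EXEC_TIME'], $this->userid_column, $tempuser[$this->userid_column]));
							}
								// User logged in - write that to the log!
							if ($this->writeStdLog) {
								$this->writelog(255,1,0,1,
									'User %s logged in from %s (%s)',
									Array($this->user['username'],t3lib_div::getIndpEnv('REMOTE_ADDR'),t3lib_div::getIndpEnv('REMOTE_HOST')));
							}
						}
					} else {
							// Failed login attempt (wrong password) - write that to the log!
						if ($this->writeAttemptLog) {
							$this->writelog(255,3,3,1,
								"Login-attempt from %s (%s), username '%s', password not accepted!",
								Array(t3lib_div::getIndpEnv('REMOTE_ADDR'),t3lib_div::getIndpEnv('REMOTE_HOST'),$F_uname));
						}
						$loginFailure = 1;
					}
						// Make sure to clear the user again!!
					unset($this->user);
				} else {
						// Failed login attempt (no username found)
					if ($this->writeAttemptLog) {
						$this->writelog(255,3,3,2,
							"Login-attempt from %s (%s), username '%s' not found!!",
							Array(t3lib_div::getIndpEnv('REMOTE_ADDR'),t3lib_div::getIndpEnv('REMOTE_HOST'),$F_uname));
					}
					$loginFailure = 1;
				}

					// If there were a login failure, check to see if a warning email should be sent:
				if ($loginFailure) {
					$this->checkLogFailures($this->warningEmail, $this->warningPeriod, $this->warningMax);
				}
			}

				// Return "login" - since this was the $F_status
			return 'login';
		case 'logout':
				// Just logout:
				// NOTE(review): start() blanks ->user before calling this method, so the username in this
				// log entry looks empty unless a subclass loads the user first - confirm.
			if ($this->writeStdLog)	$this->writelog(255,2,0,2,'User %s logged out',Array($this->user['username']));
			$this->logoff();

				// Return "logout" - since this was the $F_status
			return 'logout';
	}
}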
378
379 /**
380 * Redirect to somewhere. Obsolete, deprecated etc.
381 *
382 * @return void
383 * @ignore
384 */
function redirect() {
		// Includes the login document and stops the script when no user id is set and a login URL is configured.
		// NOTE(review): ->userid and ->auth_url are not among the properties declared on this class, and the
		// file that gets included is ->auth_include, not ->auth_url - as written the guard looks like it can
		// never pass unless a subclass sets both. Confirm before relying on this method.
	if ($this->userid) {
		return;
	}
	if (!$this->auth_url) {
		return;
	}
		// The include path is configuration, never request data.
	include ($this->auth_include);
	exit;
}
391
392 /**
393 * Log out current user!
394 * Removes the current session record, sets the internal ->user array to a blank string; Thereby the current user (if any) is effectively logged out!
395 *
396 * @return void
397 */
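function logoff() {
		// Deletes the session row identified by ->id and ->name, then blanks ->user,
		// which logs the current user (if any) out.
		// ->id is taken from the cookie or GET variable in start(), so it is escaped here rather than
		// trusted to arrive slashed. Ids issued by this class are hex strings, which addslashes() leaves unchanged.
	$dbres = mysql(TYPO3_db,sprintf("DELETE FROM %s WHERE ses_id = '%s' AND ses_name = '%s'",
		$this->session_table, addslashes($this->id), addslashes($this->name)));
	$this->user = "";
}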
403
404 /**
405 * Garbage collector, removing old expired sessions.
406 *
407 * @return void
408 * @internal
409 */
function gc() {
		// Purges rows of this session name whose timestamp is older than ->gc_time hours.
	$cutoff = time()-($this->gc_time*60*60);
	$query = sprintf("DELETE FROM %s WHERE ses_tstamp < '%s' AND ses_name = '%s'",
		$this->session_table, $cutoff, $this->name);
	mysql(TYPO3_db,$query);
}
414
415 /**
416 * This returns the where-clause needed to select the user with respect to flags like deleted, hidden, starttime, endtime
417 *
418 * @return string
419 * @access private
420 */
function user_where_clause() {
		// Builds the extra "AND ..." conditions from ->enablecolumns; a blank entry contributes nothing.
		// The configured column names are concatenated into SQL as-is, so ->enablecolumns must only
		// ever hold trusted configuration.
	$columns = $this->enablecolumns;
	$clause = '';

	if ($columns['rootLevel']) {
		$clause .= 'AND pid=0 ';
	}
	if ($columns['disabled']) {
		$clause .= ' AND NOT '.$columns['disabled'];
	}
	if ($columns['deleted']) {
		$clause .= ' AND NOT '.$columns['deleted'];
	}
	if ($columns['starttime']) {
		$clause .= ' AND ('.$columns['starttime'].'<='.time().')';
	}
	if ($columns['endtime']) {
			// An endtime of 0 means "never expires".
		$clause .= ' AND ('.$columns['endtime'].'=0 OR '.$columns['endtime'].'>'.time().')';
	}

	return $clause;
}
428
429 /**
430 * This writes $variable to the user-record. This is a way of providing session-data.
431 * You can fetch the data again through $this->uc in this class!
432 * If $variable is not an array, $this->uc is saved!
433 *
434 * @param array An array you want to store for the user as session data. If $variable is not supplied (is blank string), the internal variable, ->uc, is stored by default
435 * @return void
436 */
function writeUC($variable='') {
		// Serializes $variable (or ->uc when $variable is not an array) into the 'uc' field of the
		// current user's record. Does nothing unless ->user is an array with a non-empty uid.
	if (!is_array($this->user) || !$this->user['uid']) {
		return;
	}
	if (!is_array($variable)) {
		$variable = $this->uc;
	}
		// The serialized string is escaped with addslashes(); the uid comes from the loaded user record.
	$serialized = addslashes(serialize($variable));
	$query = 'UPDATE '.$this->user_table.' SET uc ="'.$serialized.'" where uid='.$this->user['uid'];
	mysql(TYPO3_db,$query);
}
444
445 /**
446 * DUMMY: Writes to log database table (in some extension classes)
447 *
448 * @param N/A
449 * @param N/A
450 * @param N/A
451 * @param N/A
452 * @param N/A
453 * @param N/A
454 * @param N/A
455 * @param N/A
456 * @param N/A
457 * @return N/A
458 * @ignore
459 */
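function writelog($type,$action,$error,$details_nr,$details,$data,$tablename='',$recuid='',$recpid='') {
		// Intentionally empty in this base class: per the docblock, extension classes provide the real log writer.
		// check_authentication() calls this with only the first six arguments, so the last three are
		// optional here; the login path must not raise missing-argument errors while logging an attempt.
}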
462
463 /**
464 * DUMMY: Check login failures (in some extension classes)
465 *
466 * @return void
467 * @ignore
468 */
function checkLogFailures() {
		// Intentionally empty in this base class: per the docblock, extension classes implement the check.
		// check_authentication() calls it after a failed login with ($this->warningEmail, $this->warningPeriod,
		// $this->warningMax); this signature declares no parameters, so those values are not used here.
}
471
472 /**
473 * Sets $theUC as the internal variable ->uc IF $theUC is an array. If $theUC is false, the 'uc' content from the ->user array will be unserialized and restored in ->uc
474 *
475 * @param array
476 * @return void
477 */
function unpack_uc($theUC='') {
		// Stores $theUC in ->uc when it is an array. When $theUC is empty, the serialized 'uc'
		// field of the loaded user record is unserialized and used instead.
		// NOTE(review): unserialize() runs on a database field. If anything other than writeUC() can
		// write that column, this is an object-injection risk - confirm what else writes it.
	$candidate = $theUC ? $theUC : unserialize($this->user['uc']);
	if (!is_array($candidate)) {
		return;
	}
	$this->uc = $candidate;
}
484
485 /**
486 * Stores data for a module.
487 * The data is stored with the session id so you can even check upon retrieval if the module data is from a previous session or from the current session.
488 *
489 * @param string $module is the name of the module ($MCONF['name'])
490 * @param mixed $data is the data you want to store for that module (array, string, ...)
491 * @param boolean If $noSave is set, then the ->uc array (which carries all kinds of user data) is NOT written immediately, but must be written by some subsequent call.
492 * @return void
493 */
function pushModuleData($module,$data,$noSave=0) {
		// Records $data for $module in ->uc together with the current session id, so a reader can tell
		// whether the data belongs to this session. Unless $noSave is set, ->uc is written immediately.
	$sessionId = $this->id;
	$this->uc['moduleData'][$module] = $data;
	$this->uc['moduleSessionID'][$module] = $sessionId;
	if ($noSave) {
		return;
	}
	$this->writeUC();
}
499
500 /**
501 * Gets module data for a module (from a loaded ->uc array)
502 *
503 * @param string $module is the name of the module ($MCONF['name'])
504 * @param string If $type = 'ses' then module data is returned only if it was stored in the current session, otherwise data from a previous session will be returned (if available).
505 * @return mixed The module data if available: $this->uc['moduleData'][$module];
506 */
function getModuleData($module,$type='') {
		// Returns the data stored for $module in ->uc. With $type = 'ses' the data is returned only if it
		// was stored under the current session id; otherwise nothing is returned.
	$currentSessionOnly = ($type=='ses');
	if ($currentSessionOnly && $this->uc['moduleSessionID'][$module]!=$this->id) {
		return;
	}
	return $this->uc['moduleData'][$module];
}
512
513 /**
514 * Returns the session data stored for $key.
515 * The data will last only for this login session since it is stored in the session table.
516 *
517 * @param string Pointer to an associative key in the session data array which is stored serialized in the field "ses_data" of the session table.
518 * @return mixed
519 */
function getSessionData($key) {
		// Unserializes the 'ses_data' field of the loaded session/user record and returns the entry for $key.
		// NOTE(review): unserialize() runs on a database field; confirm only setAndSaveSessionData() writes it.
	$sessionData = unserialize($this->user['ses_data']);
	$value = $sessionData[$key];
	return $value;
}
524
525 /**
526 * Sets the session data ($data) for $key and writes all session data (from ->user['ses_data']) to the database.
527 * The data will last only for this login session since it is stored in the session table.
528 *
529 * @param string Pointer to an associative key in the session data array which is stored serialized in the field "ses_data" of the session table.
530 * @param mixed The variable to store in index $key
531 * @return void
532 */
function setAndSaveSessionData($key,$data) {
		// Sets $data under $key in the session data array, re-serializes it into ->user['ses_data'] and
		// writes it to the row of the session table whose ses_id matches ->user['ses_id'].
	$sessionData = unserialize($this->user['ses_data']);
	$sessionData[$key] = $data;

	$serialized = serialize($sessionData);
	$this->user['ses_data'] = $serialized;

		// The serialized payload is escaped with addslashes(); ses_id is the value from the loaded record.
	$query = sprintf('UPDATE %s SET ses_data="%s" WHERE ses_id="%s"',
		$this->session_table, addslashes($serialized), $this->user['ses_id']);
	mysql(TYPO3_db,$query);
}
540
541 /**
542 * Raw initialization of the be_user with uid=$uid
543 * This will circumvent all login procedures and select a be_users record from the database and set the content of ->user to the record selected. Thus the BE_USER object will appear as if a user was authenticated - however without a session id and, of course, without the fields from the session table.
544 * Will check the users for disabled, start/endtime, etc. ($this->user_where_clause())
545 *
546 * @param integer The UID of the backend user to set in ->user
547 * @return void
548 * @params integer 'uid' of be_users record to select and set.
549 * @internal
550 * @see SC_mod_tools_be_user_index::compareUsers(), SC_mod_user_setup_index::simulateUser(), freesite_admin::startCreate()
551 */
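function setBeUserByUid($uid) {
		// Loads the user record with uid = $uid (subject to user_where_clause()) straight into ->user,
		// bypassing password and session checks. ->user is false when no record matches.
		// Callers are responsible for deciding whether the current actor may act as that user.
	$dbres = mysql(TYPO3_db,sprintf("SELECT * FROM %s WHERE uid='%s' %s", $this->user_table, intval($uid), $this->user_where_clause()));

		// Database errors go to the server log instead of being echoed into the response.
	$dbError = mysql_error();
	if ($dbError) {
		error_log('t3lib_userAuth::setBeUserByUid(): user lookup failed: '.$dbError);
	}

		// A failed query leaves ->user false, the same value a lookup without a match produces.
	$this->user = $dbres ? mysql_fetch_assoc($dbres) : false;
}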
557
558 /**
559 * Raw initialization of the be_user with username=$name
560 *
561 * @param string The username to look up.
562 * @return void
563 * @see t3lib_userAuth::setBeUserByUid()
564 * @internal
565 */
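function setBeUserByName($name) {
		// Loads the user record with username = $name (subject to user_where_clause()) straight into
		// ->user, bypassing password and session checks. ->user is false when no record matches.
		// Callers are responsible for deciding whether the current actor may act as that user.
	$dbres = mysql(TYPO3_db,sprintf("SELECT * FROM %s WHERE username='%s' %s", $this->user_table, addslashes($name), $this->user_where_clause()));

		// Database errors go to the server log instead of being echoed into the response.
	$dbError = mysql_error();
	if ($dbError) {
		error_log('t3lib_userAuth::setBeUserByName(): user lookup failed: '.$dbError);
	}

		// A failed query leaves ->user false, the same value a lookup without a match produces.
	$this->user = $dbres ? mysql_fetch_assoc($dbres) : false;
}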
571 }
572
573
574
// XCLASS hook: when an extension class file is configured for this script, load it once.
// The path is read from $TYPO3_CONF_VARS, so that configuration decides which code runs here.
if (defined('TYPO3_MODE')) {
	if ($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_userauth.php']) {
		include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_userauth.php']);
	}
}
578 ?>