[BUGFIX] Refactored ElementInfo missed one table
[Packages/TYPO3.CMS.git] / typo3 / sysext / backend / Classes / FrontendBackendUserAuthentication.php
1 <?php
2 namespace TYPO3\CMS\Backend;
3
4 /***************************************************************
5 * Copyright notice
6 *
7 * (c) 1999-2013 Kasper Skårhøj (kasperYYYY@typo3.com)
8 * All rights reserved
9 *
10 * This script is part of the TYPO3 project. The TYPO3 project is
11 * free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * The GNU General Public License can be found at
17 * http://www.gnu.org/copyleft/gpl.html.
18 * A copy is found in the textfile GPL.txt and important notices to the license
19 * from the author is found in LICENSE.txt distributed with these scripts.
20 *
21 *
22 * This script is distributed in the hope that it will be useful,
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 * GNU General Public License for more details.
26 *
27 * This copyright notice MUST APPEAR in all copies of the script!
28 ***************************************************************/
29
30 use TYPO3\CMS\Core\Utility\GeneralUtility;
31
32 /**
33 * TYPO3 backend user authentication in the TSFE frontend.
34 * This includes mainly functions related to the Admin Panel
35 *
36 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
37 */
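class FrontendBackendUserAuthentication extends \TYPO3\CMS\Core\Authentication\BackendUserAuthentication {

	/**
	 * Form field with login name.
	 * Left empty in this class.
	 * NOTE(review): presumably this means no login credentials are read from frontend forms - confirm against the parent class.
	 *
	 * @var string
	 */
	public $formfield_uname = '';

	/**
	 * Form field with password.
	 *
	 * @var string
	 */
	public $formfield_uident = '';

	/**
	 * Form field with a unique value which is used to encrypt the password and username.
	 *
	 * @var string
	 */
	public $formfield_chalvalue = '';

	/**
	 * Sets the level of security:
	 * 'normal' = clear-text,
	 * 'challenged' = hashed password/username from form in $formfield_uident,
	 * 'superchallenged' = hashed password hashed again with username.
	 *
	 * @var string
	 * @deprecated since 4.7 will be removed in 6.1
	 */
	public $security_level = '';

	/**
	 * Decides if the writelog() function is called at login and logout.
	 *
	 * @var boolean
	 */
	public $writeStdLog = FALSE;

	/**
	 * Decides if the writelog() function is called when a login attempt has been tried without success.
	 *
	 * @var boolean
	 */
	public $writeAttemptLog = FALSE;

	/**
	 * Array of page related information. Each entry is array(uid, title, depth);
	 * the title is stored already HTML-escaped (see extGetTreeList()).
	 *
	 * @var array
	 */
	public $extPageInTreeInfo = array();

	/**
	 * General flag which is set if the adminpanel should be displayed at all.
	 *
	 * @var boolean
	 */
	public $extAdmEnabled = FALSE;

	/**
	 * The 'admPanel' user TSconfig property as read by initializeAdminPanel().
	 * Declared explicitly so that the methods below do not depend on a dynamically created property.
	 *
	 * @var array
	 */
	public $extAdminConfig = array();

	/**
	 * @var \TYPO3\CMS\Frontend\View\AdminPanelView Instance of admin panel
	 */
	public $adminPanel = NULL;

	/**
	 * @var \TYPO3\CMS\Core\FrontendEditing\FrontendEditingController
	 */
	public $frontendEdit = NULL;

	/**
	 * Initializes the admin panel.
	 * Reads the 'admPanel' TSconfig property and, as soon as one entry below 'enable.' is truthy,
	 * instantiates the admin panel view and sets $extAdmEnabled.
	 *
	 * @return void
	 */
	public function initializeAdminPanel() {
		$this->extAdminConfig = $this->getTSConfigProp('admPanel');
		if (isset($this->extAdminConfig['enable.'])) {
			foreach ($this->extAdminConfig['enable.'] as $value) {
				if ($value) {
					$this->adminPanel = GeneralUtility::makeInstance('TYPO3\\CMS\\Frontend\\View\\AdminPanelView');
					$this->extAdmEnabled = TRUE;
					break;
				}
			}
		}
	}

	/**
	 * Initializes frontend editing.
	 * Must run after initializeAdminPanel(), because it relies on $extAdminConfig and on
	 * isFrontendEditingActive(), which in turn uses $adminPanel.
	 *
	 * @return void
	 */
	public function initializeFrontendEdit() {
		if (isset($this->extAdminConfig['enable.']) && $this->isFrontendEditingActive()) {
			foreach ($this->extAdminConfig['enable.'] as $value) {
				if ($value) {
					if ($GLOBALS['TSFE'] instanceof \TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController) {
						// Grab the Page TSConfig property that determines which controller to use.
						$pageTSConfig = $GLOBALS['TSFE']->getPagesTSconfig();
						$controllerKey = isset($pageTSConfig['TSFE.']['frontendEditingController']) ? $pageTSConfig['TSFE.']['frontendEditingController'] : 'default';
					} else {
						$controllerKey = 'default';
					}
					// The key taken from Page TSconfig is only used as an index into the registered
					// controllers; the class name itself always comes from TYPO3_CONF_VARS. Keep it that
					// way: never pass the TSconfig value to getUserObj() directly.
					$registeredControllers = isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tsfebeuserauth.php']['frontendEditingController'])
						? $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tsfebeuserauth.php']['frontendEditingController']
						: array();
					// An unknown key simply leaves frontend editing uninitialized (no undefined-index notice).
					$controllerClass = isset($registeredControllers[$controllerKey]) ? $registeredControllers[$controllerKey] : NULL;
					if ($controllerClass) {
						$this->frontendEdit = GeneralUtility::getUserObj($controllerClass, FALSE);
					}
					break;
				}
			}
		}
	}

	/**
	 * Determines whether frontend editing is currently active.
	 * That is the case when the admin panel is enabled and either its 'edit' module is both
	 * enabled and open, or TSFE has displayEditIcons set to 1.
	 *
	 * @return boolean Whether frontend editing is active
	 */
	public function isFrontendEditingActive() {
		// $adminPanel is only dereferenced when $extAdmEnabled is TRUE; both are set together in initializeAdminPanel().
		return $this->extAdmEnabled && (($this->adminPanel->isAdminModuleEnabled('edit') && $this->adminPanel->isAdminModuleOpen('edit')) || $GLOBALS['TSFE']->displayEditIcons == 1);
	}

	/**
	 * Delegates to the appropriate view and renders the admin panel content.
	 * Requires that initializeAdminPanel() has created $adminPanel; callers are expected to
	 * check isAdminPanelVisible() first.
	 *
	 * @return string
	 */
	public function displayAdminPanel() {
		$content = $this->adminPanel->display();
		return $content;
	}

	/**
	 * Determines whether the admin panel is enabled and visible.
	 *
	 * @return boolean Whether the admin panel is enabled and visible
	 */
	public function isAdminPanelVisible() {
		// empty() gives the same truth value as the plain negation but does not raise a notice when a key is not set.
		return $this->extAdmEnabled && empty($this->extAdminConfig['hide']) && !empty($GLOBALS['TSFE']->config['config']['admPanel']);
	}

	/*****************************************************
	 *
	 * TSFE BE user Access Functions
	 *
	 ****************************************************/
	/**
	 * Implementing the access checks that the typo3/init.php script does before a user is ever logged in.
	 * Used in the frontend.
	 *
	 * The checks are evaluated in order and the first failing one denies access:
	 * hard backend lock (adminOnly < 0), IP mask list, SSL lock, and finally isUserAllowedToLogin().
	 *
	 * @return boolean Returns TRUE if access is OK
	 */
	public function checkBackendAccessSettingsFromInitPhp() {
		// Check Hardcoded lock on BE
		if ($GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'] < 0) {
			return FALSE;
		}
		// Check IP
		// NOTE(review): the mask is compared against getIndpEnv('REMOTE_ADDR'). Behind a reverse proxy the
		// restriction only holds if that value is the real client address - verify the proxy configuration.
		if (trim($GLOBALS['TYPO3_CONF_VARS']['BE']['IPmaskList'])) {
			if (!GeneralUtility::cmpIP(GeneralUtility::getIndpEnv('REMOTE_ADDR'), $GLOBALS['TYPO3_CONF_VARS']['BE']['IPmaskList'])) {
				return FALSE;
			}
		}
		// Check SSL (https)
		// Any non-zero lockSSL value except 3 requires an SSL request here; with the value 3 this method
		// does not enforce SSL at all.
		if (intval($GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSL']) && $GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSL'] != 3) {
			if (!GeneralUtility::getIndpEnv('TYPO3_SSL')) {
				return FALSE;
			}
		}
		// Finally a check from \TYPO3\CMS\Core\Authentication\BackendUserAuthentication::backendCheckLogin()
		return (bool) $this->isUserAllowedToLogin();
	}

	/**
	 * Evaluates if the Backend User has read access to the input page record.
	 * The evaluation is based on both read-permission and whether the page is found in one of the users webmounts. Only if both conditions are TRUE will the function return TRUE.
	 * Read access means that previewing is allowed etc.
	 * Used in index_ts.php
	 *
	 * @param array $pageRec The page record to evaluate for
	 * @return boolean TRUE if read access
	 */
	public function extPageReadAccess($pageRec) {
		// Both conditions must hold: the page lies inside a webmount AND the permission check with value 1 passes.
		return $this->isInWebMount($pageRec['uid']) && $this->doesUserHaveAccess($pageRec, 1);
	}

	/*****************************************************
	 *
	 * Page tree and page cache helper functions
	 *
	 ****************************************************/
	/**
	 * Generates a list of Page-uid's from $id. List does not include $id itself
	 * The only pages excluded from the list are deleted pages.
	 * As a side effect every collected page is appended to $this->extPageInTreeInfo as
	 * array(uid, HTML-escaped title, depth).
	 *
	 * $id, $depth and $begin are cast to integers before they reach the query. $perms_clause is
	 * concatenated into the WHERE clause unchanged, so it must be a clause produced by the permission
	 * API and must never contain request data. The doktype list is taken from TYPO3_CONF_VARS.
	 *
	 * @param integer $id Start page id
	 * @param integer $depth Depth to traverse down the page tree.
	 * @param integer $begin Is an optional integer that determines at which level in the tree to start collecting uid's. Zero means 'start right away', 1 = 'next level and out'. Because a required parameter follows, callers have to pass it explicitly.
	 * @param string $perms_clause Perms clause (trusted SQL fragment, see above)
	 * @return string Returns the list with a comma in the end (if any pages selected!)
	 */
	public function extGetTreeList($id, $depth, $begin = 0, $perms_clause) {
		$depth = intval($depth);
		$begin = intval($begin);
		$id = intval($id);
		$theList = '';
		if ($id && $depth > 0) {
			$res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('uid,title', 'pages', 'pid=' . $id . ' AND doktype IN (' . $GLOBALS['TYPO3_CONF_VARS']['FE']['content_doktypes'] . ') AND deleted=0 AND ' . $perms_clause);
			while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
				if ($begin <= 0) {
					$theList .= $row['uid'] . ',';
					// $depth is the third array element. It was previously passed as the flags argument of
					// htmlspecialchars(), which made the escaping of quotes depend on the tree depth and
					// dropped the depth from the stored entry.
					$this->extPageInTreeInfo[] = array($row['uid'], htmlspecialchars($row['title']), $depth);
				}
				if ($depth > 1) {
					$theList .= $this->extGetTreeList($row['uid'], $depth - 1, $begin - 1, $perms_clause);
				}
			}
			$GLOBALS['TYPO3_DB']->sql_free_result($res);
		}
		return $theList;
	}

	/**
	 * Returns the number of cached pages for a page id.
	 *
	 * @param integer $pageId The page id.
	 * @return integer The number of entries tagged with this page id in the cache "cache_pages"
	 */
	public function extGetNumberOfCachedPages($pageId) {
		$pageCache = $GLOBALS['typo3CacheManager']->getCache('cache_pages');
		// The integer cast keeps the cache tag well-formed whatever the caller passes in.
		$pageCacheEntries = $pageCache->getByTag('pageId_' . (int) $pageId);
		return count($pageCacheEntries);
	}

	/*****************************************************
	 *
	 * Localization handling
	 *
	 ****************************************************/
	/**
	 * Returns the label for key, $key. If a translation for the language set in $this->uc['lang'] is found that is returned, otherwise the default value.
	 * If the global variable $LOCAL_LANG is NOT an array (yet) then this function loads the global $LOCAL_LANG array with the content of "sysext/lang/locallang_tsfe.xlf" so that the values therein can be used for labels in the Admin Panel
	 *
	 * The returned label has been passed through htmlspecialchars() and utf8_to_entities(), so it is
	 * meant for direct HTML output and must not be escaped a second time.
	 *
	 * @param string $key Key for a label in the $GLOBALS['LOCAL_LANG'] array of "sysext/lang/locallang_tsfe.xlf"
	 * @return string The value for the $key
	 */
	public function extGetLL($key) {
		if (!is_array($GLOBALS['LOCAL_LANG'])) {
			$GLOBALS['LANG']->includeLLFile('EXT:lang/locallang_tsfe.xlf');
			if (!is_array($GLOBALS['LOCAL_LANG'])) {
				$GLOBALS['LOCAL_LANG'] = array();
			}
		}
		// Label string in the default backend output charset.
		$labelStr = htmlspecialchars($GLOBALS['LANG']->getLL($key));
		$labelStr = $GLOBALS['LANG']->csConvObj->utf8_to_entities($labelStr);
		// Return the result:
		return $labelStr;
	}

}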
304
305
306 ?>