Fixed bug #15580: Add calls to logDeprecatedFunction() for more deprecated functions...
[Packages/TYPO3.CMS.git] / t3lib / class.t3lib_beuserauth.php
index 1929e32..886bed6 100644 (file)
@@ -2,7 +2,7 @@
 /***************************************************************
 *  Copyright notice
 *
-*  (c) 1999-2009 Kasper Skaarhoj (kasperYYYY@typo3.com)
+*  (c) 1999-2010 Kasper Skårhøj (kasperYYYY@typo3.com)
 *  All rights reserved
 *
 *  This script is part of the TYPO3 project. The TYPO3 project is
@@ -28,9 +28,9 @@
  * Contains class for TYPO3 backend user authentication
  *
  * $Id$
- * Revised for TYPO3 3.6 July/2003 by Kasper Skaarhoj
+ * Revised for TYPO3 3.6 July/2003 by Kasper Skårhøj
  *
- * @author     Kasper Skaarhoj <kasperYYYY@typo3.com>
+ * @author     Kasper Skårhøj <kasperYYYY@typo3.com>
  * @internal
  */
 /**
@@ -69,7 +69,7 @@
  * t3lib_userauthgroup contains most of the functions used for checking permissions, authenticating users, setting up the user etc. This class is most interesting in terms of an API for user from outside.
  * This class contains the configuration of the database fields used plus some functions for the authentication process of backend users.
  *
- * @author     Kasper Skaarhoj <kasperYYYY@typo3.com>
+ * @author     Kasper Skårhøj <kasperYYYY@typo3.com>
  * @package TYPO3
  * @subpackage t3lib
  */
@@ -160,9 +160,11 @@ class t3lib_beUserAuth extends t3lib_userAuthGroup {
         *
         * @param       boolean         Activate insertion of the URL.
         * @return      void
-        * @deprecated since TYPO3 3.6
+        * @deprecated since TYPO3 3.6, this function will be removed in TYPO3 4.6.
         */
        function trackBeUser($flag)     {
+               t3lib_div::logDeprecatedFunction();
+
                if ($flag && t3lib_extMgm::isLoaded('beuser_tracking')) {
                        $insertFields = array(
                                'userid' => intval($this->user['uid']),
@@ -203,12 +205,12 @@ class t3lib_beUserAuth extends t3lib_userAuthGroup {
        function backendCheckLogin()    {
                if (!$this->user['uid'])        {
                        if (!defined('TYPO3_PROCEED_IF_NO_USER') || !TYPO3_PROCEED_IF_NO_USER)  {
-                               t3lib_div::redirect($GLOBALS['BACK_PATH']);
+                               t3lib_utility_Http::redirect($GLOBALS['BACK_PATH']);
                        }
                } else {        // ...and if that's the case, call these functions
                        $this->fetchGroupData();        //      The groups are fetched and ready for permission checking in this initialization.        Tables.php must be read before this because stuff like the modules has impact in this
                        if ($this->checkLockToIP())     {
-                               if (!$GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'] || $this->isAdmin())        {
+                               if ($this->isUserAllowedToLogin()) {
                                        $this->backendSetUC();          // Setting the UC array. It's needed with fetchGroupData first, due to default/overriding of values.
                                        $this->emailAtLogin();          // email at login - if option set.
                                } else {
@@ -229,7 +231,7 @@ class t3lib_beUserAuth extends t3lib_userAuthGroup {
         */
        function checkCLIuser() {
                        // First, check if cliMode is enabled:
-               if (defined('TYPO3_cliMode') && TYPO3_cliMode)  {
+               if (TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_CLI) {
                        if (!$this->user['uid'])        {
                                if (substr($GLOBALS['MCONF']['name'],0,5)=='_CLI_')     {
                                        $userName = strtolower($GLOBALS['MCONF']['name']);
@@ -237,10 +239,10 @@ class t3lib_beUserAuth extends t3lib_userAuthGroup {
                                        if ($this->user['uid']) {
                                                if (!$this->isAdmin())  {
                                                        return TRUE;
-                                               } else die('ERROR: CLI backend user "'.$userName.'" was ADMIN which is not allowed!'.chr(10).chr(10));
-                                       } else die('ERROR: No backend user named "'.$userName.'" was found! [Database: '.TYPO3_db.']'.chr(10).chr(10));
-                               } else die('ERROR: Module name, "'.$GLOBALS['MCONF']['name'].'", was not prefixed with "_CLI_"'.chr(10).chr(10));
-                       } else die('ERROR: Another user was already loaded which is impossible in CLI mode!'.chr(10).chr(10));
+                                               } else die('ERROR: CLI backend user "'.$userName.'" was ADMIN which is not allowed!'.LF.LF);
+                                       } else die('ERROR: No backend user named "'.$userName.'" was found! [Database: '.TYPO3_db.']'.LF.LF);
+                               } else die('ERROR: Module name, "'.$GLOBALS['MCONF']['name'].'", was not prefixed with "_CLI_"'.LF.LF);
+                       } else die('ERROR: Another user was already loaded which is impossible in CLI mode!'.LF.LF);
                }
        }
 
@@ -279,6 +281,11 @@ class t3lib_beUserAuth extends t3lib_userAuthGroup {
                        $this->uc['lang']=$this->user['lang'];
                        $U=1;
                }
+                       // Setting the time of the first login:
+               if (!isset($this->uc['firstLoginTimeStamp'])) {
+                       $this->uc['firstLoginTimeStamp'] = $GLOBALS['EXEC_TIME'];
+                       $U = TRUE;
+               }
 
                        // Saving if updated.
                if ($U) {
@@ -343,7 +350,7 @@ class t3lib_beUserAuth extends t3lib_userAuthGroup {
                                        $prefix='[AdminLoginWarning]';
                                }
                                if ($warn)      {
-                                       mail($GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr'],
+                                       t3lib_utility_Mail::mail($GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr'],
                                                $prefix.' '.$subject,
                                                $msg,
                                                $this->notifyHeader
@@ -353,7 +360,7 @@ class t3lib_beUserAuth extends t3lib_userAuthGroup {
 
                                // If An email should be sent to the current user, do that:
                        if ($this->uc['emailMeAtLogin'] && strstr($this->user['email'],'@'))    {
-                               mail($this->user['email'],
+                               t3lib_utility_Mail::mail($this->user['email'],
                                        $subject,
                                        $msg,
                                        $this->notifyHeader
@@ -363,47 +370,28 @@ class t3lib_beUserAuth extends t3lib_userAuthGroup {
        }
 
        /**
-        * VeriCode returns 10 first chars of a md5 hash of the session cookie AND the encryptionKey from TYPO3_CONF_VARS.
-        * This code is used as an alternative verification when the JavaScript interface executes cmd's to tce_db.php from eg. MSIE 5.0 because the proper referer is not passed with this browser...
+        * Determines whether a backend user is allowed to access the backend.
         *
-        * @return      string
-        */
-       function veriCode()     {
-               return substr(md5($this->id.$GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']),0,10);
-       }
-
-
-       /**
-        * The session_id is used to find user in the database.
-        * Two tables are joined: The session-table with user_id of the session and the usertable with its primary key
-        * if the client is flash (e.g. from a flash application inside TYPO3 that does a server request)
-        * then don't evaluate with the hashLockClause, as the client/browser is included in this hash
-        * and thus, the flash request would be rejected
+        * The conditions are:
+        *      + backend user is a regular user and adminOnly is not defined
+        *      + backend user is an admin user
+        *      + backend user is used in CLI context and adminOnly is explicitely set to "2"
         *
-        * @return DB result object or false on error
-        * @access private
+        * @return      boolean         Whether a backend user is allowed to access the backend
         */
-       protected function fetchUserSessionFromDB() {
-               if ($GLOBALS['CLIENT']['BROWSER'] == 'flash') {
-                       // if on the flash client, the veri code is valid, then the user session is fetched
-                       // from the DB without the hashLock clause
-                       if (t3lib_div::_GP('vC') == $this->veriCode()) {
-                               $dbres = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
-                                               '*',
-                                               $this->session_table.','.$this->user_table,
-                                               $this->session_table.'.ses_id = '.$GLOBALS['TYPO3_DB']->fullQuoteStr($this->id, $this->session_table).'
-                                                       AND '.$this->session_table.'.ses_name = '.$GLOBALS['TYPO3_DB']->fullQuoteStr($this->name, $this->session_table).'
-                                                       AND '.$this->session_table.'.ses_userid = '.$this->user_table.'.'.$this->userid_column.'
-                                                       '.$this->ipLockClause().'
-                                                       '.$this->user_where_clause()
-                               );
-                       } else {
-                               $dbres = false;
-                       }
-               } else {
-                       $dbres = parent::fetchUserSessionFromDB();
+       protected function isUserAllowedToLogin() {
+               $isUserAllowedToLogin = FALSE;
+               $adminOnlyMode = $GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'];
+
+                       // Backend user is allowed if adminOnly is not set or user is an admin:
+               if (!$adminOnlyMode || $this->isAdmin()) {
+                       $isUserAllowedToLogin = TRUE;
+                       // Backend user is allowed if adminOnly is set to 2 (CLI) and a CLI process is running:
+               } elseif ($adminOnlyMode == 2 && (TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_CLI)) {
+                       $isUserAllowedToLogin = TRUE;
                }
-               return $dbres;
+
+               return $isUserAllowedToLogin;
        }
 }