function backendCheckLogin() {
if (!$this->user['uid']) {
if (!defined('TYPO3_PROCEED_IF_NO_USER') || !TYPO3_PROCEED_IF_NO_USER) {
- t3lib_div::redirect($GLOBALS['BACK_PATH']);
+ t3lib_utility_Http::redirect($GLOBALS['BACK_PATH']);
}
} else { // ...and if that's the case, call these functions
$this->fetchGroupData(); // The groups are fetched and ready for permission checking in this initialization. Tables.php must be read before this because stuff like the modules has impact in this
if ($this->checkLockToIP()) {
- if (!$GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'] || $this->isAdmin()) {
+ if ($this->isUserAllowedToLogin()) {
$this->backendSetUC(); // Setting the UC array. It's needed with fetchGroupData first, due to default/overriding of values.
$this->emailAtLogin(); // email at login - if option set.
} else {
if ($this->user['uid']) {
if (!$this->isAdmin()) {
return TRUE;
- } else die('ERROR: CLI backend user "'.$userName.'" was ADMIN which is not allowed!'.chr(10).chr(10));
- } else die('ERROR: No backend user named "'.$userName.'" was found! [Database: '.TYPO3_db.']'.chr(10).chr(10));
- } else die('ERROR: Module name, "'.$GLOBALS['MCONF']['name'].'", was not prefixed with "_CLI_"'.chr(10).chr(10));
- } else die('ERROR: Another user was already loaded which is impossible in CLI mode!'.chr(10).chr(10));
+ } else die('ERROR: CLI backend user "'.$userName.'" was ADMIN which is not allowed!'.LF.LF);
+ } else die('ERROR: No backend user named "'.$userName.'" was found! [Database: '.TYPO3_db.']'.LF.LF);
+ } else die('ERROR: Module name, "'.$GLOBALS['MCONF']['name'].'", was not prefixed with "_CLI_"'.LF.LF);
+ } else die('ERROR: Another user was already loaded which is impossible in CLI mode!'.LF.LF);
}
}
$prefix='[AdminLoginWarning]';
}
if ($warn) {
- mail($GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr'],
+ t3lib_utility_Mail::mail($GLOBALS['TYPO3_CONF_VARS']['BE']['warning_email_addr'],
$prefix.' '.$subject,
$msg,
$this->notifyHeader
// If An email should be sent to the current user, do that:
if ($this->uc['emailMeAtLogin'] && strstr($this->user['email'],'@')) {
- mail($this->user['email'],
+ t3lib_utility_Mail::mail($this->user['email'],
$subject,
$msg,
$this->notifyHeader
}
/**
- * VeriCode returns 10 first chars of a md5 hash of the session cookie AND the encryptionKey from TYPO3_CONF_VARS.
- * This code is used as an alternative verification when the JavaScript interface executes cmd's to tce_db.php from eg. MSIE 5.0 because the proper referer is not passed with this browser...
+ * Determines whether a backend user is allowed to access the backend.
*
- * @return string
+ * The conditions are:
+ * + backend user is a regular user and adminOnly is not defined
+ * + backend user is an admin user
+ * + backend user is used in CLI context and adminOnly is explicitely set to "2"
+ *
+ * @return boolean Whether a backend user is allowed to access the backend
*/
- function veriCode() {
- return substr(md5($this->id.$GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']),0,10);
- }
-
-
- /**
- * The session_id is used to find user in the database.
- * Two tables are joined: The session-table with user_id of the session and the usertable with its primary key
- * if the client is flash (e.g. from a flash application inside TYPO3 that does a server request)
- * then don't evaluate with the hashLockClause, as the client/browser is included in this hash
- * and thus, the flash request would be rejected
- *
- * @return DB result object or false on error
- * @access private
- */
- protected function fetchUserSessionFromDB() {
- if ($GLOBALS['CLIENT']['BROWSER'] == 'flash') {
- // if on the flash client, the veri code is valid, then the user session is fetched
- // from the DB without the hashLock clause
- if (t3lib_div::_GP('vC') == $this->veriCode()) {
- $dbres = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
- '*',
- $this->session_table.','.$this->user_table,
- $this->session_table.'.ses_id = '.$GLOBALS['TYPO3_DB']->fullQuoteStr($this->id, $this->session_table).'
- AND '.$this->session_table.'.ses_name = '.$GLOBALS['TYPO3_DB']->fullQuoteStr($this->name, $this->session_table).'
- AND '.$this->session_table.'.ses_userid = '.$this->user_table.'.'.$this->userid_column.'
- '.$this->ipLockClause().'
- '.$this->user_where_clause()
- );
- } else {
- $dbres = false;
- }
- } else {
- $dbres = parent::fetchUserSessionFromDB();
+ protected function isUserAllowedToLogin() {
+ $isUserAllowedToLogin = FALSE;
+ $adminOnlyMode = $GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'];
+
+ // Backend user is allowed if adminOnly is not set or user is an admin:
+ if (!$adminOnlyMode || $this->isAdmin()) {
+ $isUserAllowedToLogin = TRUE;
+ // Backend user is allowed if adminOnly is set to 2 (CLI) and a CLI process is running:
+ } elseif ($adminOnlyMode == 2 && defined('TYPO3_cliMode') && TYPO3_cliMode) {
+ $isUserAllowedToLogin = TRUE;
}
- return $dbres;
+
+ return $isUserAllowedToLogin;
}
}
projects / Packages / TYPO3.CMS.git / blobdiff