introduce system services used for authentication for now
authorRené Fritz <r.fritz@colorcube.de>
Tue, 8 Jun 2004 13:46:40 +0000 (13:46 +0000)
committerRené Fritz <r.fritz@colorcube.de>
Tue, 8 Jun 2004 13:46:40 +0000 (13:46 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@357 709f56b5-9817-0410-a4d7-c38de5d9e867

typo3/sysext/sv/class.tx_sv_auth.php [new file with mode: 0644]
typo3/sysext/sv/class.tx_sv_authbase.php [new file with mode: 0644]
typo3/sysext/sv/ext_emconf.php [new file with mode: 0644]
typo3/sysext/sv/ext_icon.gif [new file with mode: 0644]
typo3/sysext/sv/ext_localconf.php [new file with mode: 0644]
typo3/sysext/sv/ext_tables.php [new file with mode: 0644]

diff --git a/typo3/sysext/sv/class.tx_sv_auth.php b/typo3/sysext/sv/class.tx_sv_auth.php
new file mode 100644 (file)
index 0000000..e2e9766
--- /dev/null
@@ -0,0 +1,194 @@
+<?php
+/***************************************************************
+*  Copyright notice
+*
+*  (c) 1999-2004 Kasper Skaarhoj (kasper@typo3.com)
+*  All rights reserved
+*
+*  This script is part of the TYPO3 project. The TYPO3 project is
+*  free software; you can redistribute it and/or modify
+*  it under the terms of the GNU General Public License as published by
+*  the Free Software Foundation; either version 2 of the License, or
+*  (at your option) any later version.
+*
+*  The GNU General Public License can be found at
+*  http://www.gnu.org/copyleft/gpl.html.
+*
+*  This script is distributed in the hope that it will be useful,
+*  but WITHOUT ANY WARRANTY; without even the implied warranty of
+*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*  GNU General Public License for more details.
+*
+*  This copyright notice MUST APPEAR in all copies of the script!
+***************************************************************/
+/**
+ * Service 'User authentication' for the 'sv' extension.
+ *
+ * @author     Kasper Skaarhoj <kasper@typo3.com>
+ * @coauthor   René Fritz <r.fritz@colorcube.de>
+ */
+
+
+
+class tx_sv_auth extends tx_sv_authbase        {
+
+
+       /**
+        * find a user
+        *
+        * @return      mixed   user array or false
+        */
+       function getUser()      {
+               $user = false;
+
+               if ($this->login['uident'] && $this->login['uname'])    {
+
+                               // Look up the new user by the username:
+                       $dbres = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
+                                                       '*',
+                                                       $this->db_user['table'],
+                                                               $this->db_user['username_column'].'="'.$GLOBALS['TYPO3_DB']->quoteStr($this->login['uname'], $this->db_user['table']).'"'.
+                                                               $this->db_user['check_pid_clause'].
+                                                               $this->db_user['enable_clause']
+                                       );
+
+                       if ($dbres)     {
+                               $user = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($dbres);
+                               $GLOBALS['TYPO3_DB']->sql_free_result($dbres);
+                       }
+                       
+                       if(!is_array($user)) {
+                                       // Failed login attempt (no username found)
+                               if ($this->pObj->writeAttemptLog) {
+                                       $this->writelog(255,3,3,2,
+                                               "Login-attempt from %s (%s), username '%s' not found!!",
+                                               Array($this->info['REMOTE_ADDR'], $this->info['REMOTE_HOST'], $this->login['uname']));  // Logout written to log
+                               }
+                       } else {
+                               if ($this->writeDevLog)         t3lib_div::devLog('User found: '.t3lib_div::arrayToLogString($user, array($this->db_user['userid_column'],$this->db_user['username_column'])), 'tx_sv_auth');
+                       }
+               }
+               return $user;
+       }
+
+       /**
+        * authenticate a user
+        *
+        * @param       array   Data of user.
+        * @param       array   Information array. Holds submitted form data etc.
+        * @param       string  subtype of the service which is used to call this service.
+        * @return      boolean
+        */
+       function authUser($user)        {
+               $OK = 100;
+
+               if ($this->login['uident'] && $this->login['uname'])    {
+                       $OK = false;
+                       
+                               // check the password
+                       switch ($this->info['security_level'])  {
+                               case 'superchallenged':         // If superchallenged the password in the database ($user[$this->db_user['userident_column']]) must be a md5-hash of the original password.
+                               case 'challenged':
+                                       if ((string)$this->login['uident'] == (string)md5($user[$this->db_user['username_column']].':'.$user[$this->db_user['userident_column']].':'.$this->login['chalvalue']))        {
+                                               $OK = true;
+                                       };
+                               break;
+                               default:        // normal
+                                       if ((string)$this->login['uident'] == (string)$user[$this->db_user['userident_column']])        {
+                                               $OK = true;
+                                       };
+                               break;
+                       }
+
+                       if(!$OK)     {
+                                       // Failed login attempt (wrong password) - write that to the log!
+                               if ($this->writeAttemptLog) {
+                                       $this->writelog(255,3,3,1,
+                                               "Login-attempt from %s (%s), username '%s', password not accepted!",
+                                               Array($this->info['REMOTE_ADDR'], $this->info['REMOTE_HOST'], $this->login['uname']));
+                               }
+                               if ($this->writeDevLog)         t3lib_div::devLog('Password not accepted: '.$this->login['uident'], 'tx_sv_auth', 2);
+                       }
+
+                               // Checking the domain (lockToDomain)
+                       if ($OK && $user['lockToDomain'] && $user['lockToDomain']!=$this->info['HTTP_HOST'])    {
+                                       // Lock domain didn't match, so error:
+                               if ($this->writeAttemptLog) {
+                                       $this->writelog(255,3,3,1,
+                                               "Login-attempt from %s (%s), username '%s', locked domain '%s' did not match '%s'!",
+                                               Array($this->info['REMOTE_ADDR'], $this->info['REMOTE_HOST'], $user[$this->db_user['username_column']], $user['lockToDomain'], $this->info['HTTP_HOST']));
+                               }
+                               $OK = false;
+                       }
+               } elseif ($info['userSession'][$this->db_user['userid_column']]) {
+                               // There's already a cookie session user. That's fine
+                       $OK = true;
+               }
+
+               return $OK;
+       }
+
+
+       /**
+        * find usergroups
+        *
+        * @param       array   Data of user.
+        * @param       array   Group data array of already known groups. This is handy if you want select other related groups.
+        * @param       string  subtype of the service which is used to call this service.
+        * @return      mixed   groups array
+        */
+       function getGroups($user, $knownGroups) {
+
+               $groupDataArr = array();
+               
+               if($this->mode=='getGroupsFE')  {
+
+                       $groups = array();
+
+                       if (is_array($user) && $user[$this->db_user['usergroup_column']])       {
+                               $groups = t3lib_div::intExplode(',',$user[$this->db_user['usergroup_column']]);
+                       }
+
+
+                               // ADD group-numbers if the IPmask matches.
+                       if (is_array($this->pObj->TYPO3_CONF_VARS['FE']['IPmaskMountGroups']))  {
+                               foreach($this->pObj->TYPO3_CONF_VARS['FE']['IPmaskMountGroups'] as $IPel)       {
+                                       if ($this->info['REMOTE_ADDR'] && $IPel[0] && t3lib_div::cmpIP($this->info['REMOTE_ADDR'],$IPel[0]))    {$groups[]=intval($IPel[1]);}
+                               }
+                       }
+                       $groups = array_unique($groups);
+
+                       if (count($groups))     {
+                               $list = implode($groups,',');
+                               
+                               if ($this->writeDevLog)         t3lib_div::devLog('Get usergroups with id: '.$list, 'tx_sv_auth');
+
+                               $lockToDomain_SQL = ' AND (lockToDomain="" OR lockToDomain="'.$this->info['HTTP_HOST'].'")';
+                               if (!$this->info['showHiddenRecords'])  $hiddenP = 'AND NOT hidden ';
+                               $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', $this->db_groups['table'], 'NOT deleted '.$hiddenP.' AND uid IN ('.$list.')'.$lockToDomain_SQL);
+                               while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res))      {
+                                       $groupDataArr[$row['uid']] = $row;
+                               }
+                               if ($res)       $GLOBALS['TYPO3_DB']->sql_free_result($res);
+                               
+                       } else {
+                               if ($this->writeDevLog)         t3lib_div::devLog('No usergroups found.', 'tx_sv_auth', 2);
+                       }
+
+
+               } elseif ($this->mode=='getGroupsBE') {
+
+                       # Get the BE groups here
+                       # still needs to be implemented in t3lib_userauthgroup
+               }
+               
+               return $groupDataArr;
+       }
+}
+
+
+
+if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/sv/class.tx_sv_auth.php'])    {
+       include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['ext/sv/class.tx_sv_auth.php']);
+}
+?>
\ No newline at end of file
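Review bot: In getGroups() the `$lockToDomain_SQL` clause concatenates `$this->info['HTTP_HOST']` into the WHERE string unquoted, although getUser() in the same file passes the username through `quoteStr()`; since that value appears to come from the request, it should be escaped the same way: `$lockToDomain_SQL = ' AND (lockToDomain="" OR lockToDomain="'.$GLOBALS['TYPO3_DB']->quoteStr($this->info['HTTP_HOST'], $this->db_groups['table']).'")';`. In authUser() both password checks compare with `==`, which PHP evaluates numerically when both strings look numeric, so two different `0e…` md5 strings can compare equal; `===` avoids that. The `elseif ($info['userSession'][...])` branch reads a local `$info` that authUser() never defines, so it presumably should read `$this->info`. The 'Password not accepted' devLog call also writes the submitted `uident` into the developer log; logging the username instead would keep credentials out of it.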
diff --git a/typo3/sysext/sv/class.tx_sv_authbase.php b/typo3/sysext/sv/class.tx_sv_authbase.php
new file mode 100644 (file)
index 0000000..77f1a50
--- /dev/null
@@ -0,0 +1,94 @@
+<?php
+/***************************************************************
+*  Copyright notice
+*
+*  (c) 1999-2004 Kasper Skaarhoj (kasper@typo3.com)
+*  All rights reserved
+*
+*  This script is part of the TYPO3 project. The TYPO3 project is
+*  free software; you can redistribute it and/or modify
+*  it under the terms of the GNU General Public License as published by
+*  the Free Software Foundation; either version 2 of the License, or
+*  (at your option) any later version.
+*
+*  The GNU General Public License can be found at
+*  http://www.gnu.org/copyleft/gpl.html.
+*
+*  This script is distributed in the hope that it will be useful,
+*  but WITHOUT ANY WARRANTY; without even the implied warranty of
+*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*  GNU General Public License for more details.
+*
+*  This copyright notice MUST APPEAR in all copies of the script!
+***************************************************************/
+/**
+ * Service base class for 'User authentication'.
+ *
+ * @author     René Fritz <r.fritz@colorcube.de>
+ */
+
+require_once(PATH_t3lib.'class.t3lib_svbase.php');
+
+class tx_sv_authbase extends t3lib_svbase      {
+
+       var $pObj;                                              // Parent object
+       
+       var $mode;                                              // Subtype of the service which is used to call the service.
+       
+       var $login=array();                             // Submitted login form data 
+       var $info=array();                              // Various data
+       
+       var $db_user=array();                   // User db table definition
+       var $db_groups=array();                 // Usergroups db table definition
+       
+       var $writeAttemptLog = 0;               // If the writelog() functions is called if a login-attempt has be tried without success
+
+       /**
+        * init service
+        *
+        * @param       string          Subtype of the service which is used to call the service.
+        * @param       array           Submitted login form data 
+        * @param       array           Information array. Holds submitted form data etc.
+        * @param       object          Parent object
+        * @return      void
+        */
+       function initAuth($mode, $loginData, $info, &$pObj)     {
+
+               $this->pObj = &$pObj;
+               
+               $this->mode = $mode;
+               $this->login = $loginData;
+               $this->info = $info;
+
+               $this->db_user = $this->getServiceOption('db_user', $info['db_user'], FALSE);
+               $this->db_groups = $this->getServiceOption('db_groups', $info['db_groups'], FALSE);
+               
+               $this->writeAttemptLog = $this->pObj->writeAttemptLog;  
+               $this->writeDevLog       = $this->pObj->writeDevLog;    
+       }
+
+       /**
+        * Writes to log database table in pObj
+        *
+        * @param       integer         $type: denotes which module that has submitted the entry. This is the current list:  1=tce_db; 2=tce_file; 3=system (eg. sys_history save); 4=modules; 254=Personal settings changed; 255=login / out action: 1=login, 2=logout, 3=failed login (+ errorcode 3), 4=failure_warning_email sent
+        * @param       integer         $action: denotes which specific operation that wrote the entry (eg. 'delete', 'upload', 'update' and so on...). Specific for each $type. Also used to trigger update of the interface. (see the log-module for the meaning of each number !!)
+        * @param       integer         $error: flag. 0 = message, 1 = error (user problem), 2 = System Error (which should not happen), 3 = security notice (admin)
+        * @param       integer         $details_nr: The message number. Specific for each $type and $action. in the future this will make it possible to translate errormessages to other languages
+        * @param       string          $details: Default text that follows the message
+        * @param       array           $data: Data that follows the log. Might be used to carry special information. If an array the first 5 entries (0-4) will be sprintf'ed the details-text...
+        * @param       string          $tablename: Special field used by tce_main.php. These ($tablename, $recuid, $recpid) holds the reference to the record which the log-entry is about. (Was used in attic status.php to update the interface.)
+        * @param       integer         $recuid: Special field used by tce_main.php. These ($tablename, $recuid, $recpid) holds the reference to the record which the log-entry is about. (Was used in attic status.php to update the interface.)
+        * @param       integer         $recpid: Special field used by tce_main.php. These ($tablename, $recuid, $recpid) holds the reference to the record which the log-entry is about. (Was used in attic status.php to update the interface.)
+        * @return      void
+        * @see t3lib_userauthgroup::writelog()
+        */
+       function writelog($type,$action,$error,$details_nr,$details,$data,$tablename='',$recuid='',$recpid='')  {
+               if($this->pObj->writeAttemptLog) {
+                       $this->pObj->writelog($type,$action,$error,$details_nr,$details,$data,$tablename,$recuid,$recpid);
+               }
+       }
+       
+}
+
+
+?>
\ No newline at end of file
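Review bot: initAuth() assigns `$this->writeDevLog`, but the class declares only `$writeAttemptLog`, so the dev-log flag is an undeclared property that stays unset until initAuth() has run; declaring it beside the other flag, `var $writeDevLog = 0;  // If t3lib_div::devLog() is called for debugging output`, keeps the two consistent. writelog() gates on `$this->pObj->writeAttemptLog` rather than on the copy initAuth() stored in `$this->writeAttemptLog`, so there are two sources for whether a failed login is recorded. Using `if ($this->writeAttemptLog)` in writelog() would make it agree with the checks the subclass performs before calling it.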
diff --git a/typo3/sysext/sv/ext_emconf.php b/typo3/sysext/sv/ext_emconf.php
new file mode 100644 (file)
index 0000000..f357d88
--- /dev/null
@@ -0,0 +1,37 @@
+<?php
+
+########################################################################
+# Extension Manager/Repository config file for ext: 'cms'
+# 
+# Auto generated 12-02-2003 21:25
+# 
+# Manual updates:
+# Only the data in the array - anything else is removed by next write
+########################################################################
+
+$EM_CONF[$_EXTKEY] = Array (
+       'title' => 'Typo3 System Services',
+       'description' => 'The core/default sevices. This includes the default authentication services for now.',
+       'category' => 'services',
+       'shy' => 1,
+       'dependencies' => '',
+       'conflicts' => '',
+       'priority' => 'top',
+       'module' => '',
+       'state' => 'stable',
+       'internal' => 1,
+       'uploadfolder' => 0,
+       'createDirs' => '',
+       'modify_tables' => '',
+       'clearCacheOnLoad' => 1,
+       'lockType' => 'S',
+       'author' => 'René Fritz',
+       'author_email' => 'r.fritz@colorcube.de',
+       'author_company' => 'Colorcube',
+       'private' => 0,
+       'download_password' => '',
+       'version' => '1.0.0',   // Don't modify this! Managed automatically during upload to repository.
+       '_md5_values_when_last_written' => 'a:17:{s:12:"ext_icon.gif";s:4:"87d7";s:17:"ext_localconf.php";s:4:"cdcb";s:14:"ext_tables.php";s:4:"3b6b";s:14:"ext_tables.sql";s:4:"1fcb";s:25:"ext_tables_static+adt.sql";s:4:"5809";s:17:"locallang_tca.php";s:4:"8ac5";s:17:"locallang_ttc.php";s:4:"5737";s:10:"readme.txt";s:4:"0d56";s:11:"tbl_cms.php";s:4:"c1bb";s:18:"tbl_tt_content.php";s:4:"493f";s:16:"layout/clear.gif";s:4:"cc11";s:15:"layout/conf.php";s:4:"badf";s:17:"layout/layout.gif";s:4:"9730";s:20:"layout/locallang.php";s:4:"2a28";s:24:"layout/locallang_mod.php";s:4:"13da";s:33:"web_info/class.tx_cms_webinfo.php";s:4:"1baa";s:22:"web_info/locallang.php";s:4:"00a2";}',
+);
+
+?>
\ No newline at end of file
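Review bot: The `_md5_values_when_last_written` entry and the header comment (`ext: 'cms'`) are carried over from the cms extension: the serialized list names files such as `tbl_cms.php` and `layout/conf.php` that this commit does not add under sysext/sv. If the Extension Manager uses that list to detect modified files (not visible here), it will not describe this extension; leaving it empty until the next automatic write, `'_md5_values_when_last_written' => '',`, would be cleaner. The description string also contains a typo, 'sevices'.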
diff --git a/typo3/sysext/sv/ext_icon.gif b/typo3/sysext/sv/ext_icon.gif
new file mode 100644 (file)
index 0000000..7b2d390
Binary files /dev/null and b/typo3/sysext/sv/ext_icon.gif differ
diff --git a/typo3/sysext/sv/ext_localconf.php b/typo3/sysext/sv/ext_localconf.php
new file mode 100644 (file)
index 0000000..981e872
--- /dev/null
@@ -0,0 +1,26 @@
+<?php
+if (!defined ("TYPO3_MODE"))   die ("Access denied.");
+
+// auth services needs to be added here. ext_tables.php will be read after authentication.
+
+t3lib_extMgm::addService($_EXTKEY,  'auth' /* sv type */,  'tx_sv_auth' /* sv key */,
+               array(
+
+                       'title' => 'User authentication',
+                       'description' => 'Authentication with username/password.',
+
+                       'subtype' => 'getUserBE,authUserBE,getUserFE,authUserFE,getGroupsFE',
+
+                       'available' => TRUE,
+                       'priority' => 50,
+                       'quality' => 50,
+
+                       'os' => '',
+                       'exec' => '',
+
+                       'classFile' => t3lib_extMgm::extPath($_EXTKEY).'class.tx_sv_auth.php',
+                       'className' => 'tx_sv_auth',
+               )
+       );
+
+?>
\ No newline at end of file
diff --git a/typo3/sysext/sv/ext_tables.php b/typo3/sysext/sv/ext_tables.php
new file mode 100644 (file)
index 0000000..5dfee5d
--- /dev/null
@@ -0,0 +1,6 @@
+<?php
+if (!defined ("TYPO3_MODE"))   die ("Access denied.");
+
+// normal services should be added here
+
+?>
\ No newline at end of file