*** empty log message ***
authorKasper Skårhøj <kasper@typo3.org>
Fri, 30 Jan 2004 15:30:01 +0000 (15:30 +0000)
committerKasper Skårhøj <kasper@typo3.org>
Fri, 30 Jan 2004 15:30:01 +0000 (15:30 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@126 709f56b5-9817-0410-a4d7-c38de5d9e867

TODO.txt
t3lib/class.t3lib_beuserauth.php
t3lib/class.t3lib_parsehtml.php
t3lib/class.t3lib_tsfebeuserauth.php
t3lib/config_default.php
typo3/init.php
typo3/sysext/cms/tslib/class.tslib_fe.php
typo3/sysext/cms/tslib/index_ts.php

index 224af4d..88bbc99 100755 (executable)
--- a/TODO.txt
+++ b/TODO.txt
@@ -818,7 +818,7 @@ DB->HTML
 - Basically this is an rsync/ftp sync question which requires a set of static files.
 - Also a "mixed mode" concept where static files not found are server dynamically by TYPO3, but where the TYPO3 install does NOT allow backend access at all - only frontend delivery.
 
-Two situation:
+Two situations:
 - Publish static for local server, using mod_rewrite to direct requests transparently (static/dynamic). So all *.html requests WILL be found, static or dynamically! (Static/Dynamic blend)
 - Publish static for FTP server. All *.html requests MUST exist. (Purely static, limitations acceptable.)
 
index aad517a..52e0dbe 100644 (file)
@@ -163,12 +163,12 @@ class t3lib_beUserAuth extends t3lib_userAuthGroup {
         */
        function checkLockToIP()        {
                global $TYPO3_CONF_VARS;
-               $out=1;
+               $out = 1;
                if ($TYPO3_CONF_VARS['BE']['enabledBeUserIPLock'])      {
                        $IPList = $this->getTSConfigVal('options.lockToIP');
                        if (trim($IPList))      {
                                $baseIP = t3lib_div::getIndpEnv('REMOTE_ADDR');
-                               $out=t3lib_div::cmpIP($baseIP, $IPList);
+                               $out = t3lib_div::cmpIP($baseIP, $IPList);
                        }
                }
                return $out;
index 3a16b83..b5d5420 100644 (file)
@@ -519,6 +519,24 @@ class t3lib_parsehtml {
                                                                                        if (strcmp($params['removeIfEquals'],'') && !strcmp($this->caseShift($tagAttrib[0][$attr],$params['casesensitiveComp']),$this->caseShift($params['removeIfEquals'],$params['casesensitiveComp'])))      {
                                                                                                unset($tagAttrib[0][$attr]);
                                                                                        }
+                                                                                       if ($params['prefixLocalAnchors'])      {
+                                                                                               if (substr($tagAttrib[0][$attr],0,1)=='#')      {
+                                                                                                       $prefix = t3lib_div::getIndpEnv('TYPO3_REQUEST_URL');
+                                                                                                       $tagAttrib[0][$attr] = $prefix.$tagAttrib[0][$attr];
+                                                                                                       if ($params['prefixLocalAnchors']==2 && t3lib_div::isFirstPartOfStr($prefix,t3lib_div::getIndpEnv('TYPO3_SITE_URL')))           {
+                                                                                                               $tagAttrib[0][$attr] = substr($tagAttrib[0][$attr],strlen(t3lib_div::getIndpEnv('TYPO3_SITE_URL')));
+                                                                                                       }
+                                                                                               }
+                                                                                       }
+                                                                                       if ($params['prefixRelPathWith'])       {
+                                                                                               $urlParts = parse_url($tagAttrib[0][$attr]);
+                                                                                               if (!$urlParts['scheme'] && substr($urlParts['path'],0,1)!='/') {       // If it is NOT an absolute URL (by http: or starting "/")
+                                                                                                       $tagAttrib[0][$attr] = $params['prefixRelPathWith'].$tagAttrib[0][$attr];
+                                                                                               }
+                                                                                       }
+                                                                                       if ($params['userFunc'])        {
+                                                                                               $tagAttrib[0][$attr] = t3lib_div::callUserFunction($params['userFunc'],$tagAttrib[0][$attr],$this);
+                                                                                       }
                                                                                }
                                                                        }
                                                                        $tagParts[1]=$this->compileTagAttribs($tagAttrib[0],$tagAttrib[1]);
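Review bot: The three added blocks still run after the `removeIfEquals` branch just above has called `unset($tagAttrib[0][$attr])`, so `prefixRelPathWith` (and `userFunc`) re-create an attribute that was meant to be removed: `parse_url()` on the missing value yields neither a scheme nor a leading `/`, and the assignment writes the bare prefix back. Wrapping the new blocks in `if (isset($tagAttrib[0][$attr])) { ... }` avoids that. Separately, `TYPO3_REQUEST_URL` is built from the incoming request, so the value prepended for `prefixLocalAnchors` is client-influenced; whether `compileTagAttribs()` escapes it is not visible here and should be confirmed before it lands in an attribute. The enclosing function starts and ends outside the hunk.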
index 7d412d6..210f819 100755 (executable)
@@ -603,6 +603,49 @@ class t3lib_tsfeBeUserAuth extends t3lib_beUserAuth {
         *
         ****************************************************/
 
+        /**
+         * Implementing the access checks that the typo3/init.php script does before a user is ever logged in.
+         * Used in the frontend.
+         *
+         * @return     boolean         Returns true if access is OK
+         * @see typo3/init.php, t3lib_beuserauth::backendCheckLogin()
+         */
+       function checkBackendAccessSettingsFromInitPhp()        {
+               global $TYPO3_CONF_VARS;
+       
+               // **********************
+               // Check Hardcoded lock on BE:
+               // **********************
+               if ($TYPO3_CONF_VARS['BE']['adminOnly'] < 0)    {
+                       return FALSE;
+               }
+               
+               // **********************
+               // Check IP
+               // **********************
+               if (trim($TYPO3_CONF_VARS['BE']['IPmaskList'])) {
+                       if (!t3lib_div::cmpIP(t3lib_div::getIndpEnv('REMOTE_ADDR'), $TYPO3_CONF_VARS['BE']['IPmaskList']))      {
+                               return FALSE;
+                       }
+               }
+               
+               
+               // **********************
+               // Check SSL (https)
+               // **********************
+               if (intval($TYPO3_CONF_VARS['BE']['lockSSL']))  {
+                       if (!$HTTP_SERVER_VARS['SSL_SESSION_ID'])       {
+                               return FALSE;
+                       }
+               }
+               
+                       // Finally a check from t3lib_beuserauth::backendCheckLogin()
+               if (!$TYPO3_CONF_VARS['BE']['adminOnly'] || $this->isAdmin())   {
+                       return TRUE;
+               } else return FALSE;
+        }
+        
+        
        /**
         * Evaluates if the Backend User has read access to the input page record. 
         * The evaluation is based on both read-permission and whether the page is found in one of the users webmounts. Only if both conditions are true will the function return true.
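Review bot: In `checkBackendAccessSettingsFromInitPhp()` the SSL check reads `$HTTP_SERVER_VARS['SSL_SESSION_ID']`, but only `$TYPO3_CONF_VARS` is declared global, so inside the method that array is an undefined local and the test can never succeed. With `lockSSL` set, the method therefore returns FALSE on every request, HTTPS included; it fails closed, but frontend features for backend users stop working whenever SSL locking is enabled. Declare both: `global $TYPO3_CONF_VARS, $HTTP_SERVER_VARS;`. Since the method duplicates the checks in typo3/init.php, a comment such as `// Keep in sync with the access checks in typo3/init.php` would help stop the two copies drifting apart.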
index 60be67f..0143601 100755 (executable)
@@ -102,7 +102,7 @@ $TYPO3_CONF_VARS = Array(
                'warning_email_addr' => '',                             // Email-address that will receive a warning if there has been failed logins 4 times within an hour (all users).
                'warning_mode' => '',                                   // Bit 1: If set, warning_email_addr gets a mail everytime a user logs in. Bit 2: If set, a mail is sent if an ADMIN user logs in! Other bits reserved for future options.
                'IPmaskList' => '',                                             // String. Lets you define a list of IP-numbers (with *-wildcards) that are the ONLY ones allowed access to ANY backend activity. On error an error header is sent and the script exits. Works like IP masking for users configurable through TSconfig. See syntax for that (or look up syntax for the function t3lib_div::cmpIP())
-               'adminOnly' => 0,                                               // Boolean. If set, the only "admin" users can log in to the backend. For maintenance purposes.
+               'adminOnly' => 0,                                               // Boolean. If set (>=1), the only "admin" users can log in to the backend. If "<=-1" then the backend is totally shut down! For maintenance purposes.
                'lockBeUserToDBmounts' => 1,                    // Boolean. If set, the backend user is allowed to work only within his page-mount. It's advisable to leave this on because it makes security easy to manage.
                'lockSSL' => 0,                                                 // Int. 0,1,2: If set (1+2), the backend can only be operated from an ssl-encrypted connection (https). Set to 2 you will be redirected to the https admin-url supposed to be the http-url, but with https scheme instead.
                'disable_exec_function' => 0,                   // Boolean. Don't use exec() function (except for ImageMagick which is disabled by [GFX][im]=0). If set, all fileoperations are done by the default PHP-functions. This is nescessary under windows! On UNIX the system commands by exec() can be used, unless this is disabled.
index 8530043..0211ef4 100755 (executable)
@@ -153,6 +153,15 @@ require_once (PATH_t3lib.'class.t3lib_befunc.php');
 require_once (PATH_t3lib.'class.t3lib_cs.php');
 
 // **********************
+// Check Hardcoded lock on BE:
+// **********************
+if ($TYPO3_CONF_VARS['BE']['adminOnly'] < 0)   {
+       header('Status: 404 Not Found');        // Send Not Found header - if the webserver can make use of it...
+       header('Location: http://');    // Just point us away from here...
+       exit;   // ... and exit good!
+}
+
+// **********************
 // Check IP
 // **********************
 if (trim($TYPO3_CONF_VARS['BE']['IPmaskList']))        {
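Review bot: The `header('Location: http://');` line after the 404 status makes PHP switch the response code to 302, because a `Location` header does that unless a 201 or 3xx status has already been set. The client therefore receives a redirect to an unusable URL instead of Not Found. The `Status:` form is also likely honoured only under CGI-style SAPIs, as the inline comment itself hints. For a hard lock, drop the `Location` line and send an explicit status line before exiting: `header('HTTP/1.0 404 Not Found'); exit;`.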
index 25789ed..af53864 100755 (executable)
                                // Setting these specifically (like in the init-function):
                        if (isset($GET_VARS['type']))           $this->type = $GET_VARS['type'];
                        if (isset($GET_VARS['cHash']))          $this->cHash = $GET_VARS['cHash'];
-                       if (isset($GET_VARS['no_cache']))       $this->no_cache = $GET_VARS['no_cache'] ? 1 : 0;
                        if (isset($GET_VARS['jumpurl']))        $this->jumpurl = $GET_VARS['jumpurl'];
                        if (isset($GET_VARS['MP']))                     $this->MP = $this->TYPO3_CONF_VARS['FE']['enable_mount_pids'] ? $GET_VARS['MP'] : '';
+
+                       if (isset($GET_VARS['no_cache']) && $GET_VARS['no_cache'])      $this->set_no_cache();
                }
        }       
        
index 0521031..3cfbda9 100755 (executable)
@@ -177,7 +177,7 @@ if ($HTTP_COOKIE_VARS['be_typo_user']) {            // If the backend cookie is set, we pr
                        $BE_USER->fetchGroupData();
                        $TSFE->beUserLogin=1; 
                }
-               if ($BE_USER->checkLockToIP())  {
+               if ($BE_USER->checkLockToIP() && $BE_USER->checkBackendAccessSettingsFromInitPhp())     {
                        $BE_USER->extInitFeAdmin();
                        if ($BE_USER->extAdmEnabled)    {
                                require_once(t3lib_extMgm::extPath('lang').'lang.php');
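Review bot: `$TSFE->beUserLogin=1` is set a few lines above the new condition, so when `checkBackendAccessSettingsFromInitPhp()` denies access (backend shut down, IP mask mismatch, SSL lock) the request is still flagged as coming from a logged-in backend user; only the admin-panel initialisation is skipped. What `beUserLogin` gates is outside this hunk, but if it enables previews of hidden or unpublished content, the lock is incomplete on the frontend. Consider evaluating both checks before the flag is set, or clearing it when they fail, e.g. `} else { $TSFE->beUserLogin = 0; }` if no else branch already exists. The enclosing `if` block starts and ends outside the hunk.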
@@ -218,7 +218,7 @@ if ($HTTP_COOKIE_VARS['be_typo_user']) {            // If the backend cookie is set, we pr
                                        }
                                }
        
-                               if ($TSFE->forceTemplateParsing || $TSFE->displayEditIcons || $TSFE->displayFieldEditIcons)     {$TSFE->set_no_cache();}
+                               if ($TSFE->forceTemplateParsing || $TSFE->displayEditIcons || $TSFE->displayFieldEditIcons)     { $TSFE->set_no_cache(); }
                        }
        
        //              $WEBMOUNTS = (string)($BE_USER->groupData['webmounts'])!='' ? explode(',',$BE_USER->groupData['webmounts']) : Array();