‪TYPO3CMS  10.4
AbstractUserAuthentication.php
Go to the documentation of this file.
1 <?php
2 
3 /*
4  * This file is part of the TYPO3 CMS project.
5  *
6  * It is free software; you can redistribute it and/or modify it under
7  * the terms of the GNU General Public License, either version 2
8  * of the License, or any later version.
9  *
10  * For the full copyright and license information, please read the
11  * LICENSE.txt file that was distributed with this source code.
12  *
13  * The TYPO3 project - inspiring people to share!
14  */
15 
17 
18 use Psr\Log\LoggerAwareInterface;
19 use Psr\Log\LoggerAwareTrait;
20 use Symfony\Component\HttpFoundation\Cookie;
38 use ‪TYPO3\CMS\Core\SysLog\Action\Login as SystemLogLoginAction;
39 use ‪TYPO3\CMS\Core\SysLog\Error as SystemLogErrorClassification;
40 use ‪TYPO3\CMS\Core\SysLog\Type as SystemLogType;
42 
50 abstract class ‪AbstractUserAuthentication implements LoggerAwareInterface
51 {
52  use LoggerAwareTrait;
54 
59  public ‪$name = '';
60 
65  public ‪$user_table = '';
66 
71  public ‪$usergroup_table = '';
72 
77  public ‪$username_column = '';
78 
83  public ‪$userident_column = '';
84 
89  public ‪$userid_column = '';
90 
95  public ‪$usergroup_column = '';
96 
101  public ‪$lastLogin_column = '';
102 
107  public ‪$enablecolumns = [
108  'rootLevel' => '',
109  // Boolean: If TRUE, 'AND pid=0' will be a part of the query...
110  'disabled' => '',
111  'starttime' => '',
112  'endtime' => '',
113  'deleted' => '',
114  ];
115 
119  public ‪$showHiddenRecords = false;
120 
125  public ‪$formfield_uname = '';
126 
131  public ‪$formfield_uident = '';
132 
137  public ‪$formfield_status = '';
138 
147  public ‪$sessionTimeout = 0;
148 
154  public ‪$auth_timeout_field = '';
155 
165  public ‪$lifetime = 0;
166 
173  public ‪$gc_time = 86400;
174 
179  public ‪$gc_probability = 1;
180 
185  public ‪$writeStdLog = false;
186 
191  public ‪$writeAttemptLog = false;
192 
197  public ‪$sendNoCacheHeaders = true;
198 
207  public ‪$hash_length = 32;
208 
212  public ‪$warningEmail = '';
213 
218  public ‪$warningPeriod = 3600;
219 
224  public ‪$warningMax = 3;
225 
230  public ‪$checkPid = true;
231 
236  public ‪$checkPid_value = 0;
237 
243  public ‪$id;
244 
249  public ‪$loginFailure = false;
250 
255  public ‪$loginSessionStarted = false;
256 
261  public ‪$user;
262 
267  public ‪$newSessionID = false;
268 
273  public ‪$forceSetCookie = false;
274 
279  public ‪$dontSetCookie = false;
280 
284  protected ‪$cookieWasSetOnCurrentRequest = false;
285 
290  public ‪$loginType = '';
291 
296  public ‪$svConfig = [];
297 
301  public ‪$uc;
302 
306  protected ‪$ipLocker;
307 
311  protected ‪$sessionBackend;
312 
319  protected ‪$sessionData = [];
320 
326  public function ‪__construct()
327  {
328  $this->svConfig = ‪$GLOBALS['TYPO3_CONF_VARS']['SVCONF']['auth'] ?? [];
329  // If there is a custom session timeout, use this instead of the 1d default gc time.
330  if ($this->sessionTimeout > 0) {
331  $this->gc_time = ‪$this->sessionTimeout;
332  }
333  // Backend or frontend login - used for auth services
334  if (empty($this->loginType)) {
335  throw new ‪Exception('No loginType defined, must be set explicitly by subclass', 1476045345);
336  }
337 
338  $this->ipLocker = GeneralUtility::makeInstance(
339  IpLocker::class,
340  ‪$GLOBALS['TYPO3_CONF_VARS'][$this->loginType]['lockIP'],
341  ‪$GLOBALS['TYPO3_CONF_VARS'][$this->loginType]['lockIPv6']
342  );
343  }
344 
354  public function ‪start()
355  {
356  $this->logger->debug('## Beginning of auth logging.');
357  $this->newSessionID = false;
358  // Make certain that NO user is set initially
359  $this->user = null;
360  // sessionID is set to ses_id if cookie is present. Otherwise a new session will start
361  $this->id = $this->‪getCookie($this->name);
362 
363  // If new session or client tries to fix session...
364  if (!$this->‪isExistingSessionRecord($this->id)) {
365  $this->id = $this->‪createSessionId();
366  $this->newSessionID = true;
367  }
368 
369  // Set all possible headers that could ensure that the script is not cached on the client-side
370  $this->‪sendHttpHeaders();
371  // Load user session, check to see if anyone has submitted login-information and if so authenticate
372  // the user with the session. $this->user[uid] may be used to write log...
373  $this->‪checkAuthentication();
374  // Set cookie if generally enabled or if the current session is a non-session cookie (FE permalogin)
375  if (!$this->dontSetCookie || $this->‪isRefreshTimeBasedCookie()) {
376  $this->‪setSessionCookie();
377  }
378  // Hook for alternative ways of filling the $this->user array (is used by the "timtaw" extension)
379  foreach (‪$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['postUserLookUp'] ?? [] as $funcName) {
380  $_params = [
381  'pObj' => $this,
382  ];
383  GeneralUtility::callUserFunction($funcName, $_params, $this);
384  }
385  // If we're lucky we'll get to clean up old sessions
386  if (random_int(0, mt_getrandmax()) % 100 <= $this->gc_probability) {
387  $this->‪gc();
388  }
389  }
390 
397  protected function ‪sendHttpHeaders()
398  {
399  // skip sending the "no-cache" headers if it's a CLI request or the no-cache headers should not be sent.
400  if (!$this->sendNoCacheHeaders || ‪Environment::isCli()) {
401  return;
402  }
403  $httpHeaders = $this->‪getHttpHeaders();
404  foreach ($httpHeaders as $httpHeaderName => $value) {
405  header($httpHeaderName . ': ' . $value);
406  }
407  }
408 
415  protected function ‪getHttpHeaders(): array
416  {
417  $headers = [
418  'Expires' => 0,
419  'Last-Modified' => gmdate('D, d M Y H:i:s') . ' GMT'
420  ];
421  $cacheControlHeader = 'no-cache, must-revalidate';
422  $pragmaHeader = 'no-cache';
423  // Prevent error message in IE when using a https connection
424  // see https://forge.typo3.org/issues/24125
425  if (strpos(GeneralUtility::getIndpEnv('HTTP_USER_AGENT'), 'MSIE') !== false
426  && GeneralUtility::getIndpEnv('TYPO3_SSL')) {
427  // Some IEs can not handle no-cache
428  // see http://support.microsoft.com/kb/323308/en-us
429  $cacheControlHeader = 'must-revalidate';
430  // IE needs "Pragma: private" if SSL connection
431  $pragmaHeader = 'private';
432  }
433  $headers['Cache-Control'] = $cacheControlHeader;
434  $headers['Pragma'] = $pragmaHeader;
435  return $headers;
436  }
437 
443  protected function ‪setSessionCookie()
444  {
445  $isSetSessionCookie = $this->‪isSetSessionCookie();
446  $isRefreshTimeBasedCookie = $this->‪isRefreshTimeBasedCookie();
447  if ($isSetSessionCookie || $isRefreshTimeBasedCookie) {
448  $settings = ‪$GLOBALS['TYPO3_CONF_VARS']['SYS'];
449  // Get the domain to be used for the cookie (if any):
450  $cookieDomain = $this->‪getCookieDomain();
451  // If no cookie domain is set, use the base path:
452  $cookiePath = $cookieDomain ? '/' : GeneralUtility::getIndpEnv('TYPO3_SITE_PATH');
453  // If the cookie lifetime is set, use it:
454  $cookieExpire = $isRefreshTimeBasedCookie ? ‪$GLOBALS['EXEC_TIME'] + $this->lifetime : 0;
455  // Use the secure option when the current request is served by a secure connection:
456  $cookieSecure = (bool)$settings['cookieSecure'] && GeneralUtility::getIndpEnv('TYPO3_SSL');
457  // Valid options are "strict", "lax" or "none", whereas "none" only works in HTTPS requests (default & fallback is "strict")
458  $cookieSameSite = $this->sanitizeSameSiteCookieValue(
459  strtolower(‪$GLOBALS['TYPO3_CONF_VARS'][$this->loginType]['cookieSameSite'] ?? Cookie::SAMESITE_STRICT)
460  );
461  // SameSite "none" needs the secure option (only allowed on HTTPS)
462  if ($cookieSameSite === Cookie::SAMESITE_NONE) {
463  $cookieSecure = true;
464  }
465  // Do not set cookie if cookieSecure is set to "1" (force HTTPS) and no secure channel is used:
466  if ((int)$settings['cookieSecure'] !== 1 || GeneralUtility::getIndpEnv('TYPO3_SSL')) {
467  $cookie = new Cookie(
468  $this->name,
469  $this->id,
470  $cookieExpire,
471  $cookiePath,
472  $cookieDomain,
473  $cookieSecure,
474  true,
475  false,
476  $cookieSameSite
477  );
478  header('Set-Cookie: ' . $cookie->__toString(), false);
479  $this->cookieWasSetOnCurrentRequest = true;
480  } else {
481  throw new ‪Exception('Cookie was not set since HTTPS was forced in $TYPO3_CONF_VARS[SYS][cookieSecure].', 1254325546);
482  }
483  $this->logger->debug(
484  ($isRefreshTimeBasedCookie ? 'Updated Cookie: ' : 'Set Cookie: ')
485  . sha1($this->id) . ($cookieDomain ? ', ' . $cookieDomain : '')
486  );
487  }
488  }
489 
496  protected function ‪getCookieDomain()
497  {
498  $result = '';
499  $cookieDomain = ‪$GLOBALS['TYPO3_CONF_VARS']['SYS']['cookieDomain'];
500  // If a specific cookie domain is defined for a given TYPO3_MODE,
501  // use that domain
502  if (!empty(‪$GLOBALS['TYPO3_CONF_VARS'][$this->loginType]['cookieDomain'])) {
503  $cookieDomain = ‪$GLOBALS['TYPO3_CONF_VARS'][‪$this->loginType]['cookieDomain'];
504  }
505  if ($cookieDomain) {
506  if ($cookieDomain[0] === '/') {
507  $match = [];
508  $matchCnt = @preg_match($cookieDomain, GeneralUtility::getIndpEnv('TYPO3_HOST_ONLY'), $match);
509  if ($matchCnt === false) {
510  $this->logger->critical('The regular expression for the cookie domain (' . $cookieDomain . ') contains errors. The session is not shared across sub-domains.');
511  } elseif ($matchCnt) {
512  $result = $match[0];
513  }
514  } else {
515  $result = $cookieDomain;
516  }
517  }
518  return $result;
519  }
520 
527  protected function ‪getCookie($cookieName)
528  {
529  return isset($_COOKIE[$cookieName]) ? stripslashes($_COOKIE[$cookieName]) : '';
530  }
531 
538  public function ‪isSetSessionCookie()
539  {
540  return ($this->newSessionID || $this->forceSetCookie) && $this->lifetime == 0;
541  }
542 
549  public function ‪isRefreshTimeBasedCookie()
550  {
551  return $this->lifetime > 0;
552  }
553 
560  public function ‪checkAuthentication()
561  {
562  // No user for now - will be searched by service below
563  $tempuserArr = [];
564  $tempuser = false;
565  // User is not authenticated by default
566  $authenticated = false;
567  // User want to login with passed login data (name/password)
568  $activeLogin = false;
569  // Indicates if an active authentication failed (not auto login)
570  $this->loginFailure = false;
571  $this->logger->debug('Login type: ' . $this->loginType);
572  // The info array provide additional information for auth services
573  $authInfo = $this->‪getAuthInfoArray();
574  // Get Login/Logout data submitted by a form or params
575  $loginData = $this->‪getLoginFormData();
576  $this->logger->debug('Login data', $this->‪removeSensitiveLoginDataForLoggingInfo($loginData));
577  // Active logout (eg. with "logout" button)
578  if ($loginData['status'] === ‪LoginType::LOGOUT) {
579  if ($this->writeStdLog) {
580  // $type,$action,$error,$details_nr,$details,$data,$tablename,$recuid,$recpid
581  $this->‪writelog(SystemLogType::LOGIN, SystemLogLoginAction::LOGOUT, SystemLogErrorClassification::MESSAGE, 2, 'User %s logged out', [$this->user['username']], '', 0, 0);
582  }
583  $this->logger->info('User logged out. Id: ' . sha1($this->id));
584  $this->‪logoff();
585  }
586  // Determine whether we need to skip session update.
587  // This is used mainly for checking session timeout in advance without refreshing the current session's timeout.
588  $skipSessionUpdate = (bool)GeneralUtility::_GP('skipSessionUpdate');
589  $haveSession = false;
590  $anonymousSession = false;
591  if (!$this->newSessionID) {
592  // Read user session
593  $authInfo['userSession'] = $this->‪fetchUserSession($skipSessionUpdate);
594  $haveSession = is_array($authInfo['userSession']);
595  if ($haveSession && !empty($authInfo['userSession']['ses_anonymous'])) {
596  $anonymousSession = true;
597  }
598  }
599 
600  // Active login (eg. with login form).
601  if (!$haveSession && $loginData['status'] === ‪LoginType::LOGIN) {
602  $activeLogin = true;
603  $this->logger->debug('Active login (eg. with login form)');
604  // check referrer for submitted login values
605  if ($this->formfield_status && $loginData['uident'] && $loginData['uname']) {
606  // Delete old user session if any
607  $this->‪logoff();
608  }
609  // Refuse login for _CLI users, if not processing a CLI request type
610  // (although we shouldn't be here in case of a CLI request type)
611  if (stripos($loginData['uname'], '_CLI_') === 0 && !‪Environment::isCli()) {
612  throw new \RuntimeException('TYPO3 Fatal Error: You have tried to login using a CLI user. Access prohibited!', 1270853931);
613  }
614  }
615 
616  // Cause elevation of privilege, make sure regenerateSessionId is called later on
617  if ($anonymousSession && $loginData['status'] === ‪LoginType::LOGIN) {
618  $activeLogin = true;
619  }
620 
621  if ($haveSession) {
622  $this->logger->debug('User session found', [
623  $this->userid_column => $authInfo['userSession'][$this->userid_column] ?? null,
624  $this->username_column => $authInfo['userSession'][$this->username_column] ?? null,
625  ]);
626  } else {
627  $this->logger->debug('No user session found');
628  }
629  if (is_array($this->svConfig['setup'] ?? false)) {
630  $this->logger->debug('SV setup', $this->svConfig['setup']);
631  }
632 
633  // Fetch user if ...
634  if (
635  $activeLogin || !empty($this->svConfig['setup'][$this->loginType . '_alwaysFetchUser'])
636  || !$haveSession && !empty($this->svConfig['setup'][$this->loginType . '_fetchUserIfNoSession'])
637  ) {
638  // Use 'auth' service to find the user
639  // First found user will be used
640  $subType = 'getUser' . ‪$this->loginType;
642  foreach ($this->‪getAuthServices($subType, $loginData, $authInfo) as $serviceObj) {
643  if ($row = $serviceObj->getUser()) {
644  $tempuserArr[] = $row;
645  $this->logger->debug('User found', [
646  $this->userid_column => $row[$this->userid_column],
647  $this->username_column => $row[$this->username_column],
648  ]);
649  // User found, just stop to search for more if not configured to go on
650  if (empty($this->svConfig['setup'][$this->loginType . '_fetchAllUsers'])) {
651  break;
652  }
653  }
654  }
655 
656  if (!empty($this->svConfig['setup'][$this->loginType . '_alwaysFetchUser'])) {
657  $this->logger->debug($this->loginType . '_alwaysFetchUser option is enabled');
658  }
659  if (empty($tempuserArr)) {
660  $this->logger->debug('No user found by services');
661  } else {
662  $this->logger->debug(count($tempuserArr) . ' user records found by services');
663  }
664  }
665 
666  // If no new user was set we use the already found user session
667  if (empty($tempuserArr) && $haveSession && !$anonymousSession) {
668  $tempuserArr[] = $authInfo['userSession'];
669  $tempuser = $authInfo['userSession'];
670  // User is authenticated because we found a user session
671  $authenticated = true;
672  $this->logger->debug('User session used', [
673  $this->userid_column => $authInfo['userSession'][$this->userid_column],
674  $this->username_column => $authInfo['userSession'][$this->username_column],
675  ]);
676  }
677  // Re-auth user when 'auth'-service option is set
678  if (!empty($this->svConfig['setup'][$this->loginType . '_alwaysAuthUser'])) {
679  $authenticated = false;
680  $this->logger->debug('alwaysAuthUser option is enabled');
681  }
682  // Authenticate the user if needed
683  if (!empty($tempuserArr) && !$authenticated) {
684  foreach ($tempuserArr as $tempuser) {
685  // Use 'auth' service to authenticate the user
686  // If one service returns FALSE then authentication failed
687  // a service might return 100 which means there's no reason to stop but the user can't be authenticated by that service
688  $this->logger->debug('Auth user', $this->‪removeSensitiveLoginDataForLoggingInfo($tempuser, true));
689  $subType = 'authUser' . ‪$this->loginType;
690 
692  foreach ($this->‪getAuthServices($subType, $loginData, $authInfo) as $serviceObj) {
693  if (($ret = $serviceObj->authUser($tempuser)) > 0) {
694  // If the service returns >=200 then no more checking is needed - useful for IP checking without password
695  if ((int)$ret >= 200) {
696  $authenticated = true;
697  break;
698  }
699  if ((int)$ret >= 100) {
700  } else {
701  $authenticated = true;
702  }
703  } else {
704  $authenticated = false;
705  break;
706  }
707  }
708 
709  if ($authenticated) {
710  // Leave foreach() because a user is authenticated
711  break;
712  }
713  }
714  // mimic user authentication to mitigate observable timing discrepancies
715  // @link https://cwe.mitre.org/data/definitions/208.html
716  } elseif ($activeLogin) {
717  $subType = 'authUser' . ‪$this->loginType;
718  foreach ($this->‪getAuthServices($subType, $loginData, $authInfo) as $serviceObj) {
719  if ($serviceObj instanceof MimicServiceInterface && $serviceObj->mimicAuthUser() === false) {
720  break;
721  }
722  }
723  }
724 
725  // If user is authenticated a valid user is in $tempuser
726  if ($authenticated) {
727  // Reset failure flag
728  $this->loginFailure = false;
729  // Insert session record if needed:
730  if (!$haveSession || $anonymousSession || $tempuser['ses_id'] != $this->id && $tempuser['uid'] != $authInfo['userSession']['ses_userid']) {
731  ‪$sessionData = $this->‪createUserSession($tempuser);
732 
733  // Preserve session data on login
734  if ($anonymousSession) {
736  $this->id,
737  ['ses_data' => $authInfo['userSession']['ses_data']]
738  );
739  }
740 
741  $this->user = array_merge(
742  $tempuser,
744  );
745  // The login session is started.
746  $this->loginSessionStarted = true;
747  if (is_array($this->user)) {
748  $this->logger->debug('User session finally read', [
749  $this->userid_column => $this->user[$this->userid_column],
750  $this->username_column => $this->user[$this->username_column],
751  ]);
752  }
753  } elseif ($haveSession) {
754  // Validate the session ID and promote it
755  // This check can be removed in TYPO3 v11
756  if ($this->‪getSessionBackend() instanceof HashableSessionBackendInterface && !empty($authInfo['userSession']['ses_id'] ?? '')) {
757  // The session is stored in plaintext, promote it
758  if ($authInfo['userSession']['ses_id'] === $this->id) {
759  $authInfo['userSession'] = $this->‪getSessionBackend()->‪update(
760  $this->id,
761  ['ses_data' => $authInfo['userSession']['ses_data']]
762  );
763  }
764  }
765  // if we come here the current session is for sure not anonymous as this is a pre-condition for $authenticated = true
766  $this->user = $authInfo['userSession'];
767  }
768 
769  if ($activeLogin && !$this->newSessionID) {
770  $this->‪regenerateSessionId();
771  }
772 
773  // User logged in - write that to the log!
774  if ($this->writeStdLog && $activeLogin) {
775  $this->‪writelog(SystemLogType::LOGIN, SystemLogLoginAction::LOGIN, SystemLogErrorClassification::MESSAGE, 1, 'User %s logged in from ###IP###', [$tempuser[$this->username_column]], '', '', '');
776  }
777  if ($activeLogin) {
778  $this->logger->info('User ' . $tempuser[$this->username_column] . ' logged in from ' . GeneralUtility::getIndpEnv('REMOTE_ADDR'));
779  }
780  if (!$activeLogin) {
781  $this->logger->debug('User ' . $tempuser[$this->username_column] . ' authenticated from ' . GeneralUtility::getIndpEnv('REMOTE_ADDR'));
782  }
783  } else {
784  // User was not authenticated, so we should reuse the existing anonymous session
785  if ($anonymousSession) {
786  $this->user = $authInfo['userSession'];
787  }
788 
789  // Mark the current login attempt as failed
790  if ($activeLogin || !empty($tempuserArr)) {
791  $this->loginFailure = true;
792  if (empty($tempuserArr) && $activeLogin) {
793  $logData = [
794  'loginData' => $this->‪removeSensitiveLoginDataForLoggingInfo($loginData)
795  ];
796  $this->logger->debug('Login failed', $logData);
797  }
798  if (!empty($tempuserArr)) {
799  $logData = [
800  $this->userid_column => $tempuser[‪$this->userid_column],
801  $this->username_column => $tempuser[‪$this->username_column],
802  ];
803  $this->logger->debug('Login failed', $logData);
804  }
805  }
806  }
807 
808  // If there were a login failure, check to see if a warning email should be sent:
809  if ($this->loginFailure && $activeLogin) {
810  $this->logger->debug(
811  'Call checkLogFailures',
812  [
813  'warningEmail' => $this->warningEmail,
814  'warningPeriod' => $this->warningPeriod,
815  'warningMax' => $this->warningMax
816  ]
817  );
818 
819  // Hook to implement login failure tracking methods
820  $_params = [];
821  $sleep = true;
822  foreach (‪$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['postLoginFailureProcessing'] ?? [] as $_funcRef) {
823  GeneralUtility::callUserFunction($_funcRef, $_params, $this);
824  $sleep = false;
825  }
826 
827  if ($sleep) {
828  // No hooks were triggered - default login failure behavior is to sleep 5 seconds
829  sleep(5);
830  }
831 
832  $this->‪checkLogFailures($this->warningEmail, $this->warningPeriod, $this->warningMax);
833  }
834  }
835 
841  public function ‪createSessionId()
842  {
843  return GeneralUtility::makeInstance(Random::class)->generateRandomHexString($this->hash_length);
844  }
845 
854  protected function ‪getAuthServices(string $subType, array $loginData, array $authInfo): \Traversable
855  {
856  $serviceChain = [];
857  while (is_object($serviceObj = GeneralUtility::makeInstanceService('auth', $subType, $serviceChain))) {
858  $serviceChain[] = $serviceObj->getServiceKey();
859  $serviceObj->initAuth($subType, $loginData, $authInfo, $this);
860  yield $serviceObj;
861  }
862  if (!empty($serviceChain)) {
863  $this->logger->debug($subType . ' auth services called: ' . implode(', ', $serviceChain));
864  }
865  }
866 
875  protected function ‪regenerateSessionId(array $existingSessionRecord = [], bool $anonymous = false)
876  {
877  if (empty($existingSessionRecord)) {
878  $existingSessionRecord = $this->‪getSessionBackend()->‪get($this->id);
879  }
880 
881  // Update session record with new ID
882  $oldSessionId = ‪$this->id;
883  $this->id = $this->‪createSessionId();
884  $updatedSession = $this->‪getSessionBackend()->‪set($this->id, $existingSessionRecord);
885  $this->sessionData = unserialize($updatedSession['ses_data']);
886  // Merge new session data into user/session array
887  $this->user = array_merge($this->user ?? [], $updatedSession);
888  $this->‪getSessionBackend()->‪remove($oldSessionId);
889  $this->newSessionID = true;
890  }
891 
892  /*************************
893  *
894  * User Sessions
895  *
896  *************************/
897 
905  public function ‪createUserSession($tempuser)
906  {
907  $this->logger->debug('Create session ses_id = ' . sha1($this->id));
908  // Delete any session entry first
909  $this->‪getSessionBackend()->‪remove($this->id);
910  // Re-create session entry
911  $sessionRecord = $this->‪getNewSessionRecord($tempuser);
912  $sessionRecord = $this->‪getSessionBackend()->‪set($this->id, $sessionRecord);
913  // Updating lastLogin_column carrying information about last login.
914  $this->‪updateLoginTimestamp($tempuser[$this->userid_column]);
915  return $sessionRecord;
916  }
917 
923  protected function ‪updateLoginTimestamp(int $userId)
924  {
925  if ($this->lastLogin_column) {
926  $connection = GeneralUtility::makeInstance(ConnectionPool::class)->getConnectionForTable($this->user_table);
927  $connection->update(
928  $this->user_table,
929  [$this->lastLogin_column => ‪$GLOBALS['EXEC_TIME']],
930  [$this->userid_column => $userId]
931  );
932  }
933  }
934 
942  public function ‪getNewSessionRecord($tempuser)
943  {
944  $sessionIpLock = $this->ipLocker->getSessionIpLock((string)GeneralUtility::getIndpEnv('REMOTE_ADDR'), empty($tempuser['disableIPlock']));
945 
946  return [
947  'ses_id' => ‪$this->id,
948  'ses_iplock' => $sessionIpLock,
949  'ses_userid' => $tempuser[‪$this->userid_column] ?? 0,
950  'ses_tstamp' => ‪$GLOBALS['EXEC_TIME'],
951  'ses_data' => '',
952  ];
953  }
954 
961  public function ‪fetchUserSession($skipSessionUpdate = false)
962  {
963  $this->logger->debug('Fetch session ses_id = ' . sha1($this->id));
964  try {
965  $sessionRecord = $this->‪getSessionBackend()->‪get($this->id);
966  } catch (SessionNotFoundException $e) {
967  return false;
968  }
969 
970  $this->sessionData = unserialize($sessionRecord['ses_data']);
971  // Session is anonymous so no need to fetch user
972  if (!empty($sessionRecord['ses_anonymous'])) {
973  return $sessionRecord;
974  }
975 
976  // Fetch the user from the DB
977  $userRecord = $this->‪getRawUserByUid((int)$sessionRecord['ses_userid']);
978  if ($userRecord) {
979  $userRecord = array_merge($sessionRecord, $userRecord);
980  // A user was found
981  $userRecord['ses_tstamp'] = (int)$userRecord['ses_tstamp'];
982  $userRecord['is_online'] = (int)$userRecord['ses_tstamp'];
983 
984  if (!empty($this->auth_timeout_field)) {
985  // Get timeout-time from usertable
986  $timeout = (int)$userRecord[$this->auth_timeout_field];
987  } else {
988  $timeout = ‪$this->sessionTimeout;
989  }
990  // If timeout > 0 (TRUE) and current time has not exceeded the latest sessions-time plus the timeout in seconds then accept user
991  // Use a gracetime-value to avoid updating a session-record too often
992  if ($timeout > 0 && ‪$GLOBALS['EXEC_TIME'] < $userRecord['ses_tstamp'] + $timeout) {
993  $sessionUpdateGracePeriod = 61;
994  if (!$skipSessionUpdate && ‪$GLOBALS['EXEC_TIME'] > ($userRecord['ses_tstamp'] + $sessionUpdateGracePeriod)) {
995  // Update the session timestamp by writing a dummy update. (Backend will update the timestamp)
996  $updatesSession = $this->‪getSessionBackend()->‪update($this->id, []);
997  $userRecord = array_merge($userRecord, $updatesSession);
998  }
999  } else {
1000  // Delete any user set...
1001  $this->‪logoff();
1002  $userRecord = false;
1003  }
1004  }
1005  return $userRecord;
1006  }
1013  public function ‪enforceNewSessionId()
1014  {
1015  $this->‪regenerateSessionId();
1016  $this->‪setSessionCookie();
1017  }
1018 
1024  public function ‪logoff()
1025  {
1026  $this->logger->debug('logoff: ses_id = ' . sha1($this->id));
1027 
1028  $_params = [];
1029  foreach (‪$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['logoff_pre_processing'] ?? [] as $_funcRef) {
1030  if ($_funcRef) {
1031  GeneralUtility::callUserFunction($_funcRef, $_params, $this);
1032  }
1033  }
1034  $this->‪performLogoff();
1035 
1036  foreach (‪$GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['logoff_post_processing'] ?? [] as $_funcRef) {
1037  if ($_funcRef) {
1038  GeneralUtility::callUserFunction($_funcRef, $_params, $this);
1039  }
1040  }
1041  }
1042 
1048  protected function ‪performLogoff()
1049  {
1050  if ($this->id) {
1051  $this->‪getSessionBackend()->‪remove($this->id);
1052  }
1053  $this->sessionData = [];
1054  $this->user = null;
1055  if ($this->‪isCookieSet()) {
1056  $this->‪removeCookie($this->name);
1057  }
1058  }
1059 
1065  public function ‪removeCookie($cookieName)
1066  {
1067  $cookieDomain = $this->‪getCookieDomain();
1068  // If no cookie domain is set, use the base path
1069  $cookiePath = $cookieDomain ? '/' : GeneralUtility::getIndpEnv('TYPO3_SITE_PATH');
1070  setcookie($cookieName, '', -1, $cookiePath, $cookieDomain);
1071  }
1072 
1080  public function ‪isExistingSessionRecord(‪$id)
1081  {
1082  if (empty(‪$id)) {
1083  return false;
1084  }
1085  try {
1086  $sessionRecord = $this->‪getSessionBackend()->‪get(‪$id);
1087  if (empty($sessionRecord)) {
1088  return false;
1089  }
1090  // If the session does not match the current IP lock, it should be treated as invalid
1091  // and a new session should be created.
1092  return $this->ipLocker->validateRemoteAddressAgainstSessionIpLock((string)GeneralUtility::getIndpEnv('REMOTE_ADDR'), $sessionRecord['ses_iplock']);
1093  } catch (‪SessionNotFoundException $e) {
1094  return false;
1095  }
1096  }
1097 
1104  public function ‪isCookieSet()
1105  {
1106  return $this->cookieWasSetOnCurrentRequest || $this->‪getCookie($this->name);
1107  }
1108 
1109  /*************************
1110  *
1111  * SQL Functions
1112  *
1113  *************************/
1122  protected function ‪userConstraints(): QueryRestrictionContainerInterface
1123  {
1124  $restrictionContainer = GeneralUtility::makeInstance(DefaultRestrictionContainer::class);
1125 
1126  if (empty($this->enablecolumns['disabled'])) {
1127  $restrictionContainer->removeByType(HiddenRestriction::class);
1128  }
1129 
1130  if (empty($this->enablecolumns['deleted'])) {
1131  $restrictionContainer->removeByType(DeletedRestriction::class);
1132  }
1133 
1134  if (empty($this->enablecolumns['starttime'])) {
1135  $restrictionContainer->removeByType(StartTimeRestriction::class);
1136  }
1137 
1138  if (empty($this->enablecolumns['endtime'])) {
1139  $restrictionContainer->removeByType(EndTimeRestriction::class);
1140  }
1141 
1142  if (!empty($this->enablecolumns['rootLevel'])) {
1143  $restrictionContainer->add(GeneralUtility::makeInstance(RootLevelRestriction::class, [$this->user_table]));
1144  }
1145 
1146  return $restrictionContainer;
1147  }
1148 
1149  /*************************
1150  *
1151  * Session and Configuration Handling
1152  *
1153  *************************/
1161  public function ‪writeUC($variable = '')
1162  {
1163  if (is_array($this->user) && $this->user[$this->userid_column]) {
1164  if (!is_array($variable)) {
1165  $variable = ‪$this->uc;
1166  }
1167  $this->logger->debug('writeUC: ' . $this->userid_column . '=' . (int)$this->user[$this->userid_column]);
1168  GeneralUtility::makeInstance(ConnectionPool::class)->getConnectionForTable($this->user_table)->update(
1169  $this->user_table,
1170  ['uc' => serialize($variable)],
1171  [$this->userid_column => (int)$this->user[$this->userid_column]],
1172  ['uc' => ‪Connection::PARAM_LOB]
1173  );
1174  }
1175  }
1176 
1183  public function ‪unpack_uc($theUC = '')
1184  {
1185  if (!$theUC && isset($this->user['uc'])) {
1186  $theUC = unserialize($this->user['uc'], ['allowed_classes' => false]);
1187  }
1188  if (is_array($theUC)) {
1189  $this->uc = $theUC;
1190  }
1191  }
1192 
1202  public function ‪pushModuleData($module, $data, $noSave = 0)
1203  {
1204  $sessionHash = GeneralUtility::hmac(
1205  $this->id,
1206  'core-session-hash'
1207  );
1208  $this->uc['moduleData'][$module] = $data;
1209  $this->uc['moduleSessionID'][$module] = $sessionHash;
1210  if (!$noSave) {
1211  $this->‪writeUC();
1212  }
1213  }
1214 
1222  public function ‪getModuleData($module, $type = '')
1223  {
1224  $sessionHash = GeneralUtility::hmac(
1225  $this->id,
1226  'core-session-hash'
1227  );
1228  ‪$sessionData = $this->uc['moduleData'][$module] ?? null;
1229  $moduleSessionIdHash = $this->uc['moduleSessionID'][$module] ?? null;
1230  if ($type !== 'ses'
1231  || ‪$sessionData !== null && $moduleSessionIdHash === $sessionHash
1232  // @todo Fallback for non-hashed values in `moduleSessionID`, remove for TYPO3 v11.5 LTS
1233  || ‪$sessionData !== null && $moduleSessionIdHash === $this->id
1234  ) {
1235  return ‪$sessionData;
1236  }
1237  return null;
1238  }
1239 
1247  public function ‪getSessionData($key)
1248  {
1249  return $this->sessionData[$key] ?? null;
1250  }
1251 
1259  public function ‪setSessionData($key, $data)
1260  {
1261  if (empty($key)) {
1262  throw new \InvalidArgumentException('Argument key must not be empty', 1484311516);
1263  }
1264  $this->sessionData[$key] = $data;
1265  }
1266 
1274  public function ‪setAndSaveSessionData($key, $data)
1275  {
1276  $this->sessionData[$key] = $data;
1277  $this->user['ses_data'] = serialize($this->sessionData);
1278  $this->logger->debug('setAndSaveSessionData: ses_id = ' . sha1($this->id));
1279  $updatedSession = $this->‪getSessionBackend()->‪update(
1280  $this->id,
1281  ['ses_data' => $this->user['ses_data']]
1282  );
1283  $this->user = array_merge($this->user ?? [], $updatedSession);
1284  }
1285 
1286  /*************************
1287  *
1288  * Misc
1289  *
1290  *************************/
1297  public function ‪getLoginFormData()
1298  {
1299  $loginData = [
1300  'status' => GeneralUtility::_GP($this->formfield_status),
1301  'uname' => GeneralUtility::_POST($this->formfield_uname),
1302  'uident' => GeneralUtility::_POST($this->formfield_uident)
1303  ];
1304  // Only process the login data if a login is requested
1305  if ($loginData['status'] === ‪LoginType::LOGIN) {
1306  $loginData = $this->‪processLoginData($loginData);
1307  }
1308  return $loginData;
1309  }
1310 
1320  public function ‪processLoginData($loginData, $passwordTransmissionStrategy = '')
1321  {
1322  $loginSecurityLevel = trim(‪$GLOBALS['TYPO3_CONF_VARS'][$this->loginType]['loginSecurityLevel']) ?: 'normal';
1323  $passwordTransmissionStrategy = $passwordTransmissionStrategy ?: $loginSecurityLevel;
1324  $this->logger->debug('Login data before processing', $this->‪removeSensitiveLoginDataForLoggingInfo($loginData));
1325  $subType = 'processLoginData' . ‪$this->loginType;
1326  $authInfo = $this->‪getAuthInfoArray();
1327  $isLoginDataProcessed = false;
1328  $processedLoginData = $loginData;
1330  foreach ($this->‪getAuthServices($subType, $loginData, $authInfo) as $serviceObject) {
1331  $serviceResult = $serviceObject->processLoginData($processedLoginData, $passwordTransmissionStrategy);
1332  if (!empty($serviceResult)) {
1333  $isLoginDataProcessed = true;
1334  // If the service returns >=200 then no more processing is needed
1335  if ((int)$serviceResult >= 200) {
1336  break;
1337  }
1338  }
1339  }
1340  if ($isLoginDataProcessed) {
1341  $loginData = $processedLoginData;
1342  $this->logger->debug('Processed login data', $this->‪removeSensitiveLoginDataForLoggingInfo($processedLoginData));
1343  }
1344  return $loginData;
1345  }
1346 
1357  protected function ‪removeSensitiveLoginDataForLoggingInfo($data, bool $isUserRecord = false)
1358  {
1359  if ($isUserRecord && is_array($data)) {
1360  $fieldNames = ['uid', 'pid', 'tstamp', 'crdate', 'cruser_id', 'deleted', 'disabled', 'starttime', 'endtime', 'username', 'admin', 'usergroup', 'db_mountpoints', 'file_mountpoints', 'file_permissions', 'workspace_perms', 'lastlogin', 'workspace_id', 'category_perms'];
1361  $data = array_intersect_key($data, array_combine($fieldNames, $fieldNames));
1362  }
1363  if (isset($data['uident'])) {
1364  $data['uident'] = '********';
1365  }
1366  if (isset($data['uident_text'])) {
1367  $data['uident_text'] = '********';
1368  }
1369  if (isset($data['password'])) {
1370  $data['password'] = '********';
1371  }
1372  return $data;
1373  }
1374 
1381  public function ‪getAuthInfoArray()
1382  {
1383  $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($this->user_table);
1384  $expressionBuilder = $queryBuilder->expr();
1385  $authInfo = [];
1386  $authInfo['loginType'] = ‪$this->loginType;
1387  $authInfo['refInfo'] = parse_url(GeneralUtility::getIndpEnv('HTTP_REFERER'));
1388  $authInfo['HTTP_HOST'] = GeneralUtility::getIndpEnv('HTTP_HOST');
1389  $authInfo['REMOTE_ADDR'] = GeneralUtility::getIndpEnv('REMOTE_ADDR');
1390  $authInfo['REMOTE_HOST'] = GeneralUtility::getIndpEnv('REMOTE_HOST');
1391  $authInfo['showHiddenRecords'] = ‪$this->showHiddenRecords;
1392  // Can be overridden in localconf by SVCONF:
1393  $authInfo['db_user']['table'] = ‪$this->user_table;
1394  $authInfo['db_user']['userid_column'] = ‪$this->userid_column;
1395  $authInfo['db_user']['username_column'] = ‪$this->username_column;
1396  $authInfo['db_user']['userident_column'] = ‪$this->userident_column;
1397  $authInfo['db_user']['usergroup_column'] = ‪$this->usergroup_column;
1398  $authInfo['db_user']['enable_clause'] = $this->‪userConstraints()->‪buildExpression(
1399  [$this->user_table => $this->user_table],
1400  $expressionBuilder
1401  );
1402  if ($this->checkPid && $this->checkPid_value !== null) {
1403  $authInfo['db_user']['checkPidList'] = ‪$this->checkPid_value;
1404  $authInfo['db_user']['check_pid_clause'] = $expressionBuilder->in(
1405  'pid',
1406  ‪GeneralUtility::intExplode(',', (string)$this->checkPid_value)
1407  );
1408  } else {
1409  $authInfo['db_user']['checkPidList'] = '';
1410  $authInfo['db_user']['check_pid_clause'] = '';
1411  }
1412  $authInfo['db_groups']['table'] = ‪$this->usergroup_table;
1413  return $authInfo;
1414  }
1415 
1421  public function ‪gc()
1422  {
1423  $this->‪getSessionBackend()->‪collectGarbage($this->gc_time);
1424  }
1439  public function ‪writelog($type, $action, $error, $details_nr, $details, $data, $tablename, $recuid, $recpid)
1440  {
1441  }
1442 
1451  public function ‪checkLogFailures($email, $secondsBack, $maxFailures)
1452  {
1453  }
1454 
1466  public function ‪setBeUserByUid($uid)
1467  {
1468  $this->user = $this->‪getRawUserByUid($uid);
1469  }
1470 
1478  public function ‪setBeUserByName(‪$name)
1479  {
1480  $this->user = $this->‪getRawUserByName(‪$name);
1481  }
1482 
1490  public function ‪getRawUserByUid($uid)
1491  {
1492  $query = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($this->user_table);
1493  $query->setRestrictions($this->‪userConstraints());
1494  $query->select('*')
1495  ->from($this->user_table)
1496  ->where($query->expr()->eq('uid', $query->createNamedParameter($uid, \PDO::PARAM_INT)));
1497 
1498  return $query->execute()->fetch();
1499  }
1500 
1509  public function ‪getRawUserByName(‪$name)
1510  {
1511  $query = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($this->user_table);
1512  $query->setRestrictions($this->‪userConstraints());
1513  $query->select('*')
1514  ->from($this->user_table)
1515  ->where($query->expr()->eq('username', $query->createNamedParameter(‪$name, \PDO::PARAM_STR)));
1516 
1517  return $query->execute()->fetch();
1518  }
1519 
1524  public function ‪getSessionId(): string
1525  {
1526  return ‪$this->id;
1527  }
1528 
1533  public function ‪getLoginType(): string
1534  {
1535  return ‪$this->loginType;
1536  }
1537 
1543  protected function ‪getSessionBackend()
1544  {
1545  if (!isset($this->sessionBackend)) {
1546  $this->sessionBackend = GeneralUtility::makeInstance(SessionManager::class)->getSessionBackend($this->loginType);
1547  }
1548  return ‪$this->sessionBackend;
1549  }
1550 }
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$ipLocker
‪IpLocker $ipLocker
Definition: AbstractUserAuthentication.php:267
‪TYPO3\CMS\Core\Database\Query\Restriction\HiddenRestriction
Definition: HiddenRestriction.php:27
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$checkPid
‪bool $checkPid
Definition: AbstractUserAuthentication.php:204
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\logoff
‪logoff()
Definition: AbstractUserAuthentication.php:983
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$checkPid_value
‪int $checkPid_value
Definition: AbstractUserAuthentication.php:209
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$loginFailure
‪bool $loginFailure
Definition: AbstractUserAuthentication.php:220
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\removeSensitiveLoginDataForLoggingInfo
‪mixed removeSensitiveLoginDataForLoggingInfo($data, bool $isUserRecord=false)
Definition: AbstractUserAuthentication.php:1316
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$loginType
‪string $loginType
Definition: AbstractUserAuthentication.php:254
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$sessionData
‪array $sessionData
Definition: AbstractUserAuthentication.php:278
‪TYPO3\CMS\Core\Authentication\MimicServiceInterface
Definition: MimicServiceInterface.php:21
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\updateLoginTimestamp
‪updateLoginTimestamp(int $userId)
Definition: AbstractUserAuthentication.php:882
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\createSessionId
‪string createSessionId()
Definition: AbstractUserAuthentication.php:800
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getCookieDomain
‪string getCookieDomain()
Definition: AbstractUserAuthentication.php:455
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$sessionBackend
‪SessionBackendInterface $sessionBackend
Definition: AbstractUserAuthentication.php:271
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\writeUC
‪writeUC($variable='')
Definition: AbstractUserAuthentication.php:1120
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\unpack_uc
‪unpack_uc($theUC='')
Definition: AbstractUserAuthentication.php:1142
‪TYPO3\CMS\Core\Database\Query\Restriction\EndTimeRestriction
Definition: EndTimeRestriction.php:27
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getRawUserByUid
‪array getRawUserByUid($uid)
Definition: AbstractUserAuthentication.php:1449
‪TYPO3\CMS\Core\Session\Backend\SessionBackendInterface\get
‪array get(string $sessionId)
‪TYPO3\CMS\Core\Exception
Definition: Exception.php:22
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\processLoginData
‪array processLoginData($loginData, $passwordTransmissionStrategy='')
Definition: AbstractUserAuthentication.php:1279
‪TYPO3\CMS\Core\Database\Query\Restriction\StartTimeRestriction
Definition: StartTimeRestriction.php:27
‪TYPO3\CMS\Core\Database\Query\Restriction\QueryRestrictionInterface\buildExpression
‪CompositeExpression buildExpression(array $queriedTables, ExpressionBuilder $expressionBuilder)
‪TYPO3\CMS\Core\Session\Backend\SessionBackendInterface\collectGarbage
‪collectGarbage(int $maximumLifetime, int $maximumAnonymousLifetime=0)
‪TYPO3\CMS\Core\Authentication
Definition: AbstractAuthenticationService.php:16
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$username_column
‪string $username_column
Definition: AbstractUserAuthentication.php:73
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$cookieWasSetOnCurrentRequest
‪bool $cookieWasSetOnCurrentRequest
Definition: AbstractUserAuthentication.php:249
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$sendNoCacheHeaders
‪bool $sendNoCacheHeaders
Definition: AbstractUserAuthentication.php:176
‪TYPO3\CMS\Core\Exception
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthInfoArray
‪array getAuthInfoArray()
Definition: AbstractUserAuthentication.php:1340
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkLogFailures
‪checkLogFailures($email, $secondsBack, $maxFailures)
Definition: AbstractUserAuthentication.php:1410
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\createUserSession
‪array createUserSession($tempuser)
Definition: AbstractUserAuthentication.php:864
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\start
‪start()
Definition: AbstractUserAuthentication.php:313
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\__construct
‪__construct()
Definition: AbstractUserAuthentication.php:285
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getCookie
‪string getCookie($cookieName)
Definition: AbstractUserAuthentication.php:486
‪TYPO3\CMS\Core\Session\SessionManager
Definition: SessionManager.php:39
‪TYPO3\CMS\Core\Session\Backend\HashableSessionBackendInterface
Definition: HashableSessionBackendInterface.php:21
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\regenerateSessionId
‪regenerateSessionId(array $existingSessionRecord=[], bool $anonymous=false)
Definition: AbstractUserAuthentication.php:834
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\removeCookie
‪removeCookie($cookieName)
Definition: AbstractUserAuthentication.php:1024
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\writelog
‪writelog($type, $action, $error, $details_nr, $details, $data, $tablename, $recuid, $recpid)
Definition: AbstractUserAuthentication.php:1398
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$newSessionID
‪bool $newSessionID
Definition: AbstractUserAuthentication.php:235
‪TYPO3\CMS\Core\Database\Query\Restriction\QueryRestrictionContainerInterface
Definition: QueryRestrictionContainerInterface.php:25
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$gc_time
‪int $gc_time
Definition: AbstractUserAuthentication.php:156
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$id
‪string $id
Definition: AbstractUserAuthentication.php:215
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication
‪checkAuthentication()
Definition: AbstractUserAuthentication.php:519
‪TYPO3\CMS\Core\SysLog\Action\Login
Definition: Login.php:24
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$formfield_uident
‪string $formfield_uident
Definition: AbstractUserAuthentication.php:119
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$warningPeriod
‪int $warningPeriod
Definition: AbstractUserAuthentication.php:194
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$enablecolumns
‪array $enablecolumns
Definition: AbstractUserAuthentication.php:98
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getHttpHeaders
‪array getHttpHeaders()
Definition: AbstractUserAuthentication.php:374
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$formfield_status
‪string $formfield_status
Definition: AbstractUserAuthentication.php:124
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\fetchUserSession
‪array bool fetchUserSession($skipSessionUpdate=false)
Definition: AbstractUserAuthentication.php:920
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\performLogoff
‪performLogoff()
Definition: AbstractUserAuthentication.php:1007
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setSessionData
‪setSessionData($key, $data)
Definition: AbstractUserAuthentication.php:1218
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$usergroup_table
‪string $usergroup_table
Definition: AbstractUserAuthentication.php:68
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\isExistingSessionRecord
‪bool isExistingSessionRecord($id)
Definition: AbstractUserAuthentication.php:1039
‪TYPO3\CMS\Core\Database\Query\Restriction\RootLevelRestriction
Definition: RootLevelRestriction.php:27
‪TYPO3\CMS\Core\Session\Backend\SessionBackendInterface\update
‪array update(string $sessionId, array $sessionData)
‪TYPO3\CMS\Core\Session\Backend\SessionBackendInterface\set
‪array set(string $sessionId, array $sessionData)
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\isSetSessionCookie
‪bool isSetSessionCookie()
Definition: AbstractUserAuthentication.php:497
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getSessionBackend
‪SessionBackendInterface getSessionBackend()
Definition: AbstractUserAuthentication.php:1502
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getModuleData
‪mixed getModuleData($module, $type='')
Definition: AbstractUserAuthentication.php:1181
‪TYPO3\CMS\Core\Session\Backend\SessionBackendInterface
Definition: SessionBackendInterface.php:28
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\pushModuleData
‪pushModuleData($module, $data, $noSave=0)
Definition: AbstractUserAuthentication.php:1161
‪TYPO3\CMS\Core\SysLog\Error
Definition: Error.php:24
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$usergroup_column
‪string $usergroup_column
Definition: AbstractUserAuthentication.php:88
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getSessionData
‪mixed getSessionData($key)
Definition: AbstractUserAuthentication.php:1206
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$warningMax
‪int $warningMax
Definition: AbstractUserAuthentication.php:199
‪TYPO3\CMS\Core\Authentication\LoginType\LOGOUT
‪const LOGOUT
Definition: LoginType.php:35
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthServices
‪Traversable getAuthServices(string $subType, array $loginData, array $authInfo)
Definition: AbstractUserAuthentication.php:813
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$showHiddenRecords
‪bool $showHiddenRecords
Definition: AbstractUserAuthentication.php:109
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setAndSaveSessionData
‪setAndSaveSessionData($key, $data)
Definition: AbstractUserAuthentication.php:1233
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$name
‪string $name
Definition: AbstractUserAuthentication.php:58
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$writeAttemptLog
‪bool $writeAttemptLog
Definition: AbstractUserAuthentication.php:171
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getLoginType
‪string getLoginType()
Definition: AbstractUserAuthentication.php:1492
‪TYPO3\CMS\Core\Authentication\LoginType\LOGIN
‪const LOGIN
Definition: LoginType.php:30
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\sendHttpHeaders
‪sendHttpHeaders()
Definition: AbstractUserAuthentication.php:356
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\enforceNewSessionId
‪enforceNewSessionId()
Definition: AbstractUserAuthentication.php:972
‪TYPO3\CMS\Core\Session\Backend\SessionBackendInterface\remove
‪bool remove(string $sessionId)
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$user
‪array null $user
Definition: AbstractUserAuthentication.php:230
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$hash_length
‪int $hash_length
Definition: AbstractUserAuthentication.php:185
‪TYPO3\CMS\Core\Database\Connection
Definition: Connection.php:36
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$loginSessionStarted
‪bool $loginSessionStarted
Definition: AbstractUserAuthentication.php:225
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$lastLogin_column
‪string $lastLogin_column
Definition: AbstractUserAuthentication.php:93
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$userident_column
‪string $userident_column
Definition: AbstractUserAuthentication.php:78
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$auth_timeout_field
‪string $auth_timeout_field
Definition: AbstractUserAuthentication.php:139
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\isRefreshTimeBasedCookie
‪bool isRefreshTimeBasedCookie()
Definition: AbstractUserAuthentication.php:508
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$gc_probability
‪int $gc_probability
Definition: AbstractUserAuthentication.php:161
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\gc
‪gc()
Definition: AbstractUserAuthentication.php:1380
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getLoginFormData
‪array getLoginFormData()
Definition: AbstractUserAuthentication.php:1256
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$sessionTimeout
‪int $sessionTimeout
Definition: AbstractUserAuthentication.php:133
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getNewSessionRecord
‪array getNewSessionRecord($tempuser)
Definition: AbstractUserAuthentication.php:901
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$forceSetCookie
‪bool $forceSetCookie
Definition: AbstractUserAuthentication.php:240
‪$GLOBALS
‪$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['adminpanel']['modules']
Definition: ext_localconf.php:5
‪TYPO3\CMS\Core\Database\Query\Restriction\DeletedRestriction
Definition: DeletedRestriction.php:28
‪TYPO3\CMS\Core\Core\Environment
Definition: Environment.php:40
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$userid_column
‪string $userid_column
Definition: AbstractUserAuthentication.php:83
‪TYPO3\CMS\Core\Utility\GeneralUtility\intExplode
‪static int[] intExplode($delimiter, $string, $removeEmptyValues=false, $limit=0)
Definition: GeneralUtility.php:988
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\isCookieSet
‪bool isCookieSet()
Definition: AbstractUserAuthentication.php:1063
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$dontSetCookie
‪bool $dontSetCookie
Definition: AbstractUserAuthentication.php:245
‪TYPO3\CMS\Core\Crypto\Random
Definition: Random.php:24
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setSessionCookie
‪setSessionCookie()
Definition: AbstractUserAuthentication.php:402
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setBeUserByUid
‪setBeUserByUid($uid)
Definition: AbstractUserAuthentication.php:1425
‪TYPO3\CMS\Core\Database\ConnectionPool
Definition: ConnectionPool.php:46
‪TYPO3\CMS\Core\Authentication\IpLocker
Definition: IpLocker.php:26
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setBeUserByName
‪setBeUserByName($name)
Definition: AbstractUserAuthentication.php:1437
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:46
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$uc
‪array $uc
Definition: AbstractUserAuthentication.php:263
‪TYPO3\CMS\Core\Authentication\MimicServiceInterface\mimicAuthUser
‪bool mimicAuthUser()
‪TYPO3\CMS\Core\Core\Environment\isCli
‪static bool isCli()
Definition: Environment.php:154
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$warningEmail
‪string $warningEmail
Definition: AbstractUserAuthentication.php:189
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$writeStdLog
‪bool $writeStdLog
Definition: AbstractUserAuthentication.php:166
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$formfield_uname
‪string $formfield_uname
Definition: AbstractUserAuthentication.php:114
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$svConfig
‪array $svConfig
Definition: AbstractUserAuthentication.php:259
‪TYPO3\CMS\Core\Session\Backend\Exception\SessionNotFoundException
Definition: SessionNotFoundException.php:24
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$user_table
‪string $user_table
Definition: AbstractUserAuthentication.php:63
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$lifetime
‪int $lifetime
Definition: AbstractUserAuthentication.php:149
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getRawUserByName
‪array getRawUserByName($name)
Definition: AbstractUserAuthentication.php:1468
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getSessionId
‪string getSessionId()
Definition: AbstractUserAuthentication.php:1483
‪TYPO3\CMS\Core\SysLog\Type
Definition: Type.php:24
‪TYPO3\CMS\Core\Database\Query\Restriction\DefaultRestrictionContainer
Definition: DefaultRestrictionContainer.php:24
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication
Definition: AbstractUserAuthentication.php:51
‪TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\userConstraints
‪QueryRestrictionContainerInterface userConstraints()
Definition: AbstractUserAuthentication.php:1081
‪TYPO3\CMS\Core\Database\Connection\PARAM_LOB
‪const PARAM_LOB
Definition: Connection.php:57