CommandLineUserAuthentication extends BackendUserAuthentication

TYPO3 backend user authentication on a CLI level Auto-logs in, only allowed on CLI

Table of Contents

Constants

ROLE_SYSTEMMAINTAINER  = 'systemMaintainer'

Properties

$checkPid  : bool
If set, the user-record must be stored at the page defined by $checkPid_value
$checkPid_value  : int|string
The page id the user record must be stored at, can also hold a comma separated list of pids
$dontSetCookie  : bool
Will prevent the setting of the session cookie
$enablecolumns  : array<string|int, mixed>
Enable field columns of user table
$errorMsg  : string
Contains last error message
$firstMainGroup  : int
$formfield_status  : string
Form field with status: *'login', 'logout'
$formfield_uident  : string
Form field with password
$formfield_uname  : string
Form field with login-name
$groupData  : array<string|int, mixed>
holds lists of eg. tables, fields and other values related to the permission-system. See fetchGroupData
$lastLogin_column  : string
Column name for last login timestamp
$loginSessionStarted  : bool
Will be set to TRUE if the login session is actually written during auth-check.
$loginType  : string
Login type, used for services.
$name  : string
Session/Cookie name
$uc  : array<string|int, mixed>|string
User Config
$uc_default  : array<string|int, mixed>
User Config Default values: The array may contain other fields for configuration.
$user  : array<string|int, mixed>|null
$user_table  : string
Table in database with user data
$usergroup_column  : string
Should be set to the usergroup-column (id-list) in the user-record
$usergroup_table  : string
The name of the group-table
$userGroups  : array<string|int, mixed>
This array will hold the groups that the user is a member of
$userGroupsUID  : array<string|int, mixed>
This array holds the uid's of the groups in the listed order
$userid_column  : string
Column for user-id
$userident_column  : string
Column for password
$username_column  : string
Column for login-name
$workspace  : int
User workspace.
$workspaceRec  : array<string|int, mixed>
Custom workspace record if any
$writeAttemptLog  : bool
If the writelog() functions is called if a login-attempt has be tried without success
$writeStdLog  : bool
Decides if the writelog() function is called at login and logout
$checkWorkspaceCurrent_cache  : array<string|int, mixed>|null
Cache for checkWorkspaceCurrent()
$filePermissions  : array<string|int, mixed>|null
$fileStorages  : array<string|int, ResourceStorage>
$lifetime  : int
Lifetime for the session-cookie (on the client)
$setCookie  : Cookie|null
If set, this cookie will be set to the response.
$username  : string
The username of the CLI user (there is only one)
$userSession  : UserSession|null
$userSessionManager  : UserSessionManager
$userTS  : array<string|int, mixed>
$userTSUpdated  : bool

Methods

__construct()  : mixed
Constructor, only allowed in CLI mode
__get()  : mixed
__isset()  : bool
__set()  : mixed
__unset()  : void
appendCookieToResponse()  : ResponseInterface
Used to apply a cookie to a PSR-7 Response.
authenticate()  : mixed
Logs-in the _CLI_ user. It does not need to check for credentials.
backendCheckLogin()  : mixed
Logs in the TYPO3 Backend user "_cli_"
backendSetUC()  : mixed
Initialize the internal ->uc array for the backend user Will make the overrides if necessary, and write the UC back to the be_users record if changes has happened
calcPerms()  : int
Returns a combined binary representation of the current users permissions for the page-record, $row.
check()  : bool
Returns TRUE if the $value is found in the list in a $this->groupData[] index pointed to by $type (array key).
checkAuthentication()  : mixed
Replacement for AbstractUserAuthentication::checkAuthentication()
checkAuthMode()  : bool
Checking the authMode of a select field with authMode set
checkFullLanguagesAccess()  : bool
Check if user has access to all existing localizations for a certain record
checkLanguageAccess()  : bool
Checking if a language value (-1, 0 and >0 for sys_language records) is allowed to be edited by the user.
checkWorkspace()  : array<string|int, mixed>
Checking if a workspace is allowed for backend user
checkWorkspaceCurrent()  : array<string|int, mixed>
Uses checkWorkspace() to check if current workspace is available for user.
createSessionId()  : string
Creates a new session ID.
createUserSession()  : UserSession
Creates a user session record and returns its values.
doesUserHaveAccess()  : bool
Checks if the permissions is granted based on a page-record ($row) and $perms (binary and'ed)
enforceNewSessionId()  : mixed
Regenerates the session ID and sets the cookie again.
evaluateUserSpecificFileFilterSettings()  : mixed
Adds filters based on what the user has set this should be done in this place, and called whenever needed, but only when needed
fetchGroupData()  : mixed
Initializes a lot of stuff like the access-lists, database-mountpoints and filemountpoints This method is called by ->backendCheckLogin() (from extending BackendUserAuthentication) if the backend user login has verified OK.
fetchUserSession()  : array<string|int, mixed>|bool
Read the user session from db.
getAuthInfoArray()  : array<string|int, mixed>
Returns an info array which provides additional information for auth services
getCategoryMountPoints()  : array<string|int, mixed>
Returns an array of category mount points. The category permissions from BE Groups are also taken into consideration and are merged into User permissions.
getCookieName()  : string
Getter for the cookie name
getDefaultUploadFolder()  : Folder|false
Returns a \TYPO3\CMS\Core\Resource\Folder object that is used for uploading files by default.
getDefaultUploadTemporaryFolder()  : Folder|null
Returns a \TYPO3\CMS\Core\Resource\Folder object that could be used for uploading temporary files in user context. The folder _temp_ below the default upload folder of the user is used.
getDefaultWorkspace()  : int
Return default workspace ID for user, if EXT:workspaces is not installed the user will be pushed to the Live workspace, if he has access to. If no workspace is available for the user, the workspace ID is set to "-99"
getFileMountRecords()  : array<string|int, mixed>
Returns an array of file mount records, taking workspaces and user home and group home directories into account Needs to be called AFTER the groups have been loaded.
getFilePermissions()  : array<string|int, mixed>
Returns the information about file permissions.
getFilePermissionsForStorage()  : array<string|int, mixed>
Gets the file permissions for a storage by merging any storage-specific permissions for a storage with the default settings.
getFileStorages()  : array<string|int, ResourceStorage>
Returns an array with the filemounts for the user.
getLoginFormData()  : array<string|int, mixed>
Returns an info array with Login/Logout data submitted by a form or params
getModuleData()  : mixed
Gets module data for a module (from a loaded ->uc array)
getOriginalUserIdWhenInSwitchUserMode()  : int|null
On CLI there is no session and no switched user
getPagePermsClause()  : string
Returns a WHERE-clause for the pages-table where user permissions according to input argument, $perms, is validated.
getRawUserByName()  : array<string|int, mixed>
Fetching raw user record with username=$name
getRawUserByUid()  : array<string|int, mixed>
Fetching raw user record with uid=$uid
getSession()  : UserSession
getSessionData()  : mixed
Returns the session data stored for $key.
getTSConfig()  : array<string|int, mixed>
Returns full parsed user TSconfig array, merged with TSconfig from groups.
initializeBackendLogin()  : void
initializeUserSessionManager()  : void
Currently needed for various unit tests, until start() and checkAuthentication() methods are smaller and extracted from this class.
initializeWebmountsForElementBrowser()  : mixed
Checks for alternative web mount points for the element browser.
isActiveLogin()  : bool
isAdmin()  : bool
Returns TRUE if user is admin Basically this function evaluates if the ->user[admin] field has bit 0 set. If so, user is admin.
isCookieSet()  : bool
Returns whether this request is going to set a cookie or a cookie was already found in the system
isExportEnabled()  : bool
Returns if export functionality is available for current user
isImportEnabled()  : bool
Returns if import functionality is available for current user
isInWebMount()  : int|null
Checks if the page id or page record ($idOrRow) is found within the webmounts set up for the user.
isMemberOfGroup()  : bool
Returns TRUE if the current user is a member of group $groupId $groupId must be set. $this->userGroupsUID must contain groups Will return TRUE also if the user is a member of a group through subgroups.
isMfaSetupRequired()  : bool
Evaluate whether the user is required to set up MFA, based on user TSconfig and global configuration
isRefreshTimeBasedCookie()  : bool
Determine whether a non-session cookie needs to be set (lifetime>0)
isRTE()  : bool
Returns TRUE if the RTE (Rich Text Editor) is enabled for the user.
isSetSessionCookie()  : bool
Determine whether a session cookie needs to be set (lifetime=0)
isSystemMaintainer()  : bool
Checks if the user is in the valid list of allowed system maintainers. if the list is not set, then all admins are system maintainers. If the list is empty, no one is system maintainer (good for production systems). If the currently logged in user is in "switch user" mode, this method will return false.
isUserAllowedToLogin()  : bool
Determines whether a CLI backend user is allowed to access TYPO3.
jsConfirmation()  : bool
Returns TRUE or FALSE, depending if an alert popup (a javascript confirmation) should be shown call like $GLOBALS['BE_USER']->jsConfirmation($BITMASK).
logoff()  : mixed
Logs out the current user and clears the form protection tokens.
mayMakeShortcut()  : bool
Returns TRUE if the BE_USER is allowed to *create* shortcuts in the backend modules
modAccess()  : bool
Checks access to a backend module with the $MCONF passed as first argument
overrideUC()  : mixed
Override: Call this function every time the uc is updated.
processLoginData()  : array<string|int, mixed>
Processes Login data submitted by a form or params
pushModuleData()  : mixed
Stores data for a module.
recordEditAccessInternals()  : bool
Checking if a user has editing access to a record from a $GLOBALS['TCA'] table.
removeCookie()  : mixed
Empty / unset the cookie
resetUC()  : mixed
Clears the user[uc] and ->uc to blank strings. Then calls ->backendSetUC() to fill it again with reset contents
returnWebmounts()  : array<string|int, mixed>
Returns an array with the webmounts.
setAndSaveSessionData()  : mixed
Sets the session data ($data) for $key and writes all session data (from ->user['ses_data']) to the database.
setBeUserByName()  : mixed
Raw initialization of the be_user with username=$name
setBeUserByUid()  : mixed
Raw initialization of the be_user with uid=$uid This will circumvent all login procedures and select a be_users record from the database and set the content of ->user to the record selected.
setDefaultWorkspace()  : mixed
Sets the default workspace in the context of the current backend user.
setSessionData()  : mixed
Set session data by key.
setTemporaryWorkspace()  : bool
Sets a temporary workspace in the context of the current backend user.
setWebmounts()  : mixed
Initializes the given mount points for the current Backend user.
setWorkspace()  : mixed
Setting workspace ID
shallDisplayDebugInformation()  : bool
Returns whether debug information shall be displayed to the user
start()  : mixed
Replacement for AbstractUserAuthentication::start()
unpack_uc()  : mixed
Sets $theUC as the internal variable ->uc IF $theUC is an array.
workspaceAllowsLiveEditingInTable()  : bool
Checks if a record is allowed to be edited in the current workspace.
workspaceCanCreateNewRecord()  : bool
Evaluates if a record from $table can be created. If the table is not set up for versioning, and the "live edit" flag of the page is set, return false. In live workspace this is always true, as all records can be created in live workspace
workspaceCheckStageForCurrent()  : bool
Checks if an element stage allows access for the user in the current workspace In live workspace (= 0) access is always granted for any stage.
workspaceInit()  : mixed
Initializing workspace.
workspacePublishAccess()  : bool
Returns TRUE if the user has access to publish content from the workspace ID given.
writelog()  : int
Writes an entry in the logfile/table Documentation in "TYPO3 Core API"
writeUC()  : mixed
This writes $variable to the user-record. This is a way of providing session-data.
checkIfCliUserExists()  : bool
Check if a user with username "_cli_" exists. Deleted users are left out but hidden and start / endtime restricted users are considered.
createCliUser()  : mixed
Create a record in the DB table be_users called "_cli_" with no other information
evaluateMfaRequirements()  : void
This method checks if the user is authenticated but has not succeeded in passing his MFA challenge. This method can therefore only be used if a user has been authenticated against his first authentication method (username+password or any other authentication token).
fetchValidUserFromSessionOrDestroySession()  : array<string|int, mixed>|null
If the session is bound to a user, this method fetches the user record, and returns it.
filterValidWebMounts()  : array<string|int, mixed>
Checking read access to web mounts, but keeps "0" or empty strings.
generateHashedPassword()  : string
This function returns a salted hashed key.
getAuthServiceConfiguration()  : array<string|int, mixed>
"auth" services configuration array from $GLOBALS['TYPO3_CONF_VARS']['SVCONF']['auth']
getAuthServices()  : Traversable
Initializes authentication services to be used in a foreach loop
getCookie()  : string
Get the value of a specified cookie.
getCookieDomain()  : string
Gets the domain to be used on setting cookies.
handleLoginFailure()  : void
Implement functionality when there was a failed login
hasEditAccessToLiveWorkspace()  : bool
Checks if the user (or the group) has the workspace_perms set to 1 in order to allow editing records in live workspace.
initializeDbMountpointsInWorkspace()  : mixed
Limiting the DB mountpoints if there any selected in the workspace record
initializeFileStorages()  : mixed
Sets up all file storages for a user.
performLogoff()  : mixed
Perform the logoff action. Called from logoff() as a way to allow subclasses to override what happens when a user logs off, without needing to reproduce the hook calls and logging that happens in the public logoff() API method.
prepareUserTsConfig()  : void
This method parses the UserTSconfig from the current user and all their groups.
regenerateSessionId()  : mixed
Regenerate the session ID and transfer the session to new ID Call this method whenever a user proceeds to a higher authorization level e.g. when an anonymous session is now authenticated.
releaseLockedRecords()  : mixed
Remove any "locked records" added for editing for the given user (= current backend user)
removeSensitiveLoginDataForLoggingInfo()  : mixed
Removes any sensitive data from the incoming data (either from loginData, processedLogin data or the user record from the DB).
setSessionCookie()  : mixed
Sets the session cookie for the current disposal.
updateLoginTimestamp()  : mixed
Updates the last login column in the user with the given id
userConstraints()  : QueryRestrictionContainerInterface
This returns the restrictions needed to select the user respecting enable columns and flags like deleted, hidden, starttime, endtime and rootLevel

Constants

ROLE_SYSTEMMAINTAINER

public mixed ROLE_SYSTEMMAINTAINER = 'systemMaintainer'

Properties

$checkPid

If set, the user-record must be stored at the page defined by $checkPid_value

public bool $checkPid = true

$checkPid_value

The page id the user record must be stored at, can also hold a comma separated list of pids

public int|string $checkPid_value = 0

$dontSetCookie

Will prevent the setting of the session cookie

public bool $dontSetCookie = false

$enablecolumns

Enable field columns of user table

public array<string|int, mixed> $enablecolumns = ['rootLevel' => 1, 'deleted' => 'deleted', 'disabled' => 'disable', 'starttime' => 'starttime', 'endtime' => 'endtime']

$errorMsg

Contains last error message

public string $errorMsg = ''
Internal

should only be used from within TYPO3 Core

$firstMainGroup

public int $firstMainGroup = 0
Internal

should only be used from within TYPO3 Core

$formfield_status

Form field with status: *'login', 'logout'

public string $formfield_status = 'login_status'

$formfield_uident

Form field with password

public string $formfield_uident = 'userident'

$formfield_uname

Form field with login-name

public string $formfield_uname = 'username'

$groupData

holds lists of eg. tables, fields and other values related to the permission-system. See fetchGroupData

public array<string|int, mixed> $groupData = ['allowed_languages' => '', 'tables_select' => '', 'tables_modify' => '', 'pagetypes_select' => '', 'non_exclude_fields' => '', 'explicit_allowdeny' => '', 'custom_options' => '', 'file_permissions' => '']
Internal

$lastLogin_column

Column name for last login timestamp

public string $lastLogin_column = 'lastlogin'

$loginSessionStarted

Will be set to TRUE if the login session is actually written during auth-check.

public bool $loginSessionStarted = false

$loginType

Login type, used for services.

public string $loginType = 'BE'

$name

Session/Cookie name

public string $name = ''

$uc

User Config

public array<string|int, mixed>|string $uc

$uc_default

User Config Default values: The array may contain other fields for configuration.

public array<string|int, mixed> $uc_default = [ 'interfaceSetup' => '', // serialized content that is used to store interface pane and menu positions. Set by the logout.php-script 'moduleData' => [], // user-data for the modules 'emailMeAtLogin' => 0, 'titleLen' => 50, 'edit_RTE' => '1', 'edit_docModuleUpload' => '1', 'resizeTextareas_MaxHeight' => 500, ]

For this, see "setup" extension and "TSconfig" document (User TSconfig, "setup.[xxx]....") Reserved keys for other storage of session data: moduleData moduleSessionID

Internal

should only be used from within TYPO3 Core

$user

public array<string|int, mixed>|null $user

contains user- AND session-data from database (joined tables)

Internal

$user_table

Table in database with user data

public string $user_table = 'be_users'

$usergroup_column

Should be set to the usergroup-column (id-list) in the user-record

public string $usergroup_column = 'usergroup'

$usergroup_table

The name of the group-table

public string $usergroup_table = 'be_groups'

$userGroups

This array will hold the groups that the user is a member of

public array<string|int, mixed> $userGroups = []

$userGroupsUID

This array holds the uid's of the groups in the listed order

public array<string|int, mixed> $userGroupsUID = []

$userid_column

Column for user-id

public string $userid_column = 'uid'

$userident_column

Column for password

public string $userident_column = 'password'

$username_column

Column for login-name

public string $username_column = 'username'

$workspace

User workspace.

public int $workspace = -99

-99 is ERROR (none available) 0 is online

0 is custom workspaces

$workspaceRec

Custom workspace record if any

public array<string|int, mixed> $workspaceRec = []

$writeAttemptLog

If the writelog() functions is called if a login-attempt has be tried without success

public bool $writeAttemptLog = true

$writeStdLog

Decides if the writelog() function is called at login and logout

public bool $writeStdLog = true

$checkWorkspaceCurrent_cache

Cache for checkWorkspaceCurrent()

protected array<string|int, mixed>|null $checkWorkspaceCurrent_cache

$filePermissions

protected array<string|int, mixed>|null $filePermissions

$lifetime

Lifetime for the session-cookie (on the client)

protected int $lifetime = 0

If >0: permanent cookie with given lifetime If 0: session-cookie Session-cookie means the browser will remove it when the browser is closed.

$setCookie

If set, this cookie will be set to the response.

protected Cookie|null $setCookie = null

$username

The username of the CLI user (there is only one)

protected string $username = '_cli_'

$userSessionManager

protected UserSessionManager $userSessionManager

$userTS

protected array<string|int, mixed> $userTS = []

Parsed user TSconfig

$userTSUpdated

protected bool $userTSUpdated = false

True if the user TSconfig was parsed and needs to be cached.

Methods

__construct()

Constructor, only allowed in CLI mode

public __construct() : mixed
Tags
throws
RuntimeException

__get()

public __get(string $propertyName) : mixed
Parameters
$propertyName : string

__isset()

public __isset(string $propertyName) : bool
Parameters
$propertyName : string
Return values
bool

__set()

public __set(string $propertyName, mixed $propertyValue) : mixed
Parameters
$propertyName : string
$propertyValue : mixed

__unset()

public __unset(string $propertyName) : void
Parameters
$propertyName : string

appendCookieToResponse()

Used to apply a cookie to a PSR-7 Response.

public appendCookieToResponse(ResponseInterface $response) : ResponseInterface
Parameters
$response : ResponseInterface
Return values
ResponseInterface

authenticate()

Logs-in the _CLI_ user. It does not need to check for credentials.

public authenticate() : mixed
Tags
throws
RuntimeException

when the user could not log in or it is an admin

backendCheckLogin()

Logs in the TYPO3 Backend user "_cli_"

public backendCheckLogin([bool|null $proceedIfNoUserIsLoggedIn = null ]) : mixed
Parameters
$proceedIfNoUserIsLoggedIn : bool|null = null

if this option is set, then there won't be a redirect to the login screen of the Backend - used for areas in the backend which do not need user rights like the login page.

backendSetUC()

Initialize the internal ->uc array for the backend user Will make the overrides if necessary, and write the UC back to the be_users record if changes has happened

public backendSetUC() : mixed
Internal

calcPerms()

Returns a combined binary representation of the current users permissions for the page-record, $row.

public calcPerms(array<string|int, mixed> $row) : int

The perms for user, group and everybody is OR'ed together (provided that the page-owner is the user and for the groups that the user is a member of the group. If the user is admin, 31 is returned (full permissions for all five flags)

Parameters
$row : array<string|int, mixed>

Input page row with all perms_* fields available.

Return values
int

Bitwise representation of the users permissions in relation to input page row, $row

check()

Returns TRUE if the $value is found in the list in a $this->groupData[] index pointed to by $type (array key).

public check(string $type, string $value) : bool

Can thus be users to check for modules, exclude-fields, select/modify permissions for tables etc. If user is admin TRUE is also returned

Parameters
$type : string

The type value; "webmounts", "filemounts", "pagetypes_select", "tables_select", "tables_modify", "non_exclude_fields", "modules", "available_widgets", "mfa_providers"

$value : string

String to search for in the groupData-list

Return values
bool

TRUE if permission is granted (that is, the value was found in the groupData list - or the BE_USER is "admin")

checkAuthentication()

Replacement for AbstractUserAuthentication::checkAuthentication()

public checkAuthentication([ServerRequestInterface|null $request = null ]) : mixed

Not required in CLI mode, therefore empty.

Parameters
$request : ServerRequestInterface|null = null

@todo: Make mandatory in v12.

checkAuthMode()

Checking the authMode of a select field with authMode set

public checkAuthMode(string $table, string $field, string $value, string $authMode) : bool
Parameters
$table : string

Table name

$field : string

Field name (must be configured in TCA and of type "select" with authMode set!)

$value : string

Value to evaluation (single value, must not contain any of the chars ":,|")

$authMode : string

Auth mode keyword (explicitAllow, explicitDeny, individual)

Return values
bool

Whether access is granted or not

checkFullLanguagesAccess()

Check if user has access to all existing localizations for a certain record

public checkFullLanguagesAccess(string $table, array<string|int, mixed> $record) : bool
Parameters
$table : string

The table

$record : array<string|int, mixed>

The current record

Return values
bool

checkLanguageAccess()

Checking if a language value (-1, 0 and >0 for sys_language records) is allowed to be edited by the user.

public checkLanguageAccess(int $langValue) : bool
Parameters
$langValue : int

Language value to evaluate

Return values
bool

Returns TRUE if the language value is allowed, otherwise FALSE.

checkWorkspace()

Checking if a workspace is allowed for backend user

public checkWorkspace(mixed $wsRec[, string $fields = '*' ]) : array<string|int, mixed>
Parameters
$wsRec : mixed

If integer, workspace record is looked up, if array it is seen as a Workspace record with at least uid, title, members and adminusers columns. Can be faked for workspaces uid 0 and -1 (online and offline)

$fields : string = '*'

List of fields to select. Default fields are all

Internal

should only be used from within TYPO3 Core

Return values
array<string|int, mixed>

Output will also show how access was granted. Admin users will have a true output regardless of input.

checkWorkspaceCurrent()

Uses checkWorkspace() to check if current workspace is available for user.

public checkWorkspaceCurrent() : array<string|int, mixed>

This function caches the result and so can be called many times with no performance loss.

Internal

should only be used from within TYPO3 Core

Tags
see
checkWorkspace()
Return values
array<string|int, mixed>

See checkWorkspace()

createSessionId()

Creates a new session ID.

public createSessionId() : string
Deprecated

since TYPO3 v11.0, will be removed in TYPO3 v12, is kept because it is used in Testing Framework

Return values
string

The new session ID

createUserSession()

Creates a user session record and returns its values.

public createUserSession(array<string|int, mixed> $tempuser) : UserSession
Parameters
$tempuser : array<string|int, mixed>

User data array

Return values
UserSession

The session data for the newly created session.

doesUserHaveAccess()

Checks if the permissions is granted based on a page-record ($row) and $perms (binary and'ed)

public doesUserHaveAccess(array<string|int, mixed> $row, int $perms) : bool

Bits for permissions, see $perms variable:

1 - Show: See/Copy page and the pagecontent. 2 - Edit page: Change/Move the page, eg. change title, startdate, hidden. 4 - Delete page: Delete the page and pagecontent. 8 - New pages: Create new pages under the page. 16 - Edit pagecontent: Change/Add/Delete/Move pagecontent.

Parameters
$row : array<string|int, mixed>

Is the pagerow for which the permissions is checked

$perms : int

Is the binary representation of the permission we are going to check. Every bit in this number represents a permission that must be set. See function explanation.

Return values
bool

enforceNewSessionId()

Regenerates the session ID and sets the cookie again.

public enforceNewSessionId() : mixed
Internal

evaluateUserSpecificFileFilterSettings()

Adds filters based on what the user has set this should be done in this place, and called whenever needed, but only when needed

public evaluateUserSpecificFileFilterSettings() : mixed

fetchGroupData()

Initializes a lot of stuff like the access-lists, database-mountpoints and filemountpoints This method is called by ->backendCheckLogin() (from extending BackendUserAuthentication) if the backend user login has verified OK.

public fetchGroupData() : mixed

Generally this is required initialization of a backend user.

Internal
Tags
see
TypoScriptParser

fetchUserSession()

Read the user session from db.

public fetchUserSession([bool $skipSessionUpdate = false ]) : array<string|int, mixed>|bool
Deprecated

since TYPO3 v11, will be removed in TYPO3 v12.

Parameters
$skipSessionUpdate : bool = false
Return values
array<string|int, mixed>|bool

User session data, false if $userSession->getIdentifier() does not represent valid session

getAuthInfoArray()

Returns an info array which provides additional information for auth services

public getAuthInfoArray() : array<string|int, mixed>
Internal
Return values
array<string|int, mixed>

getCategoryMountPoints()

Returns an array of category mount points. The category permissions from BE Groups are also taken into consideration and are merged into User permissions.

public getCategoryMountPoints() : array<string|int, mixed>
Return values
array<string|int, mixed>

getCookieName()

Getter for the cookie name

public static getCookieName() : string
Tags
static
Return values
string

returns the configured cookie name

getDefaultUploadFolder()

Returns a \TYPO3\CMS\Core\Resource\Folder object that is used for uploading files by default.

public getDefaultUploadFolder([int $pid = null ][, string $table = null ][, string $field = null ]) : Folder|false

This is used for RTE and its magic images, as well as uploads in the TCEforms fields.

The default upload folder for a user is the defaultFolder on the first filestorage/filemount that the user can access and to which files are allowed to be added however, you can set the users' upload folder like this:

options.defaultUploadFolder = 3:myfolder/yourfolder/

Parameters
$pid : int = null

PageUid

$table : string = null

Table name

$field : string = null

Field name

Return values
Folder|false

The default upload folder for this user

getDefaultUploadTemporaryFolder()

Returns a \TYPO3\CMS\Core\Resource\Folder object that could be used for uploading temporary files in user context. The folder _temp_ below the default upload folder of the user is used.

public getDefaultUploadTemporaryFolder() : Folder|null
Tags
see
BackendUserAuthentication::getDefaultUploadFolder()
Return values
Folder|null

getDefaultWorkspace()

Return default workspace ID for user, if EXT:workspaces is not installed the user will be pushed to the Live workspace, if he has access to. If no workspace is available for the user, the workspace ID is set to "-99"

public getDefaultWorkspace() : int
Internal

should only be used from within TYPO3 Core

Return values
int

Default workspace id.

getFileMountRecords()

Returns an array of file mount records, taking workspaces and user home and group home directories into account Needs to be called AFTER the groups have been loaded.

public getFileMountRecords() : array<string|int, mixed>
Internal
Return values
array<string|int, mixed>

getFilePermissions()

Returns the information about file permissions.

public getFilePermissions() : array<string|int, mixed>

Previously, this was stored in the DB field fileoper_perms now it is file_permissions. Besides it can be handled via userTSconfig

permissions.file.default { addFile = 1 readFile = 1 writeFile = 1 copyFile = 1 moveFile = 1 renameFile = 1 deleteFile = 1

addFolder = 1 readFolder = 1 writeFolder = 1 copyFolder = 1 moveFolder = 1 renameFolder = 1 deleteFolder = 1 recursivedeleteFolder = 1 }

overwrite settings for a specific storageObject

permissions.file.storage.StorageUid { readFile = 1 recursivedeleteFolder = 0 }

Please note that these permissions only apply, if the storage has the capabilities (browseable, writable), and if the driver allows for writing etc

Return values
array<string|int, mixed>

getFilePermissionsForStorage()

Gets the file permissions for a storage by merging any storage-specific permissions for a storage with the default settings.

public getFilePermissionsForStorage(ResourceStorage $storageObject) : array<string|int, mixed>

Admin users will always get the default settings.

Parameters
$storageObject : ResourceStorage
Return values
array<string|int, mixed>

getFileStorages()

Returns an array with the filemounts for the user.

public getFileStorages() : array<string|int, ResourceStorage>

Each filemount is represented with an array of a "name", "path" and "type". If no filemounts an empty array is returned.

Return values
array<string|int, ResourceStorage>

getLoginFormData()

Returns an info array with Login/Logout data submitted by a form or params

public getLoginFormData() : array<string|int, mixed>
Internal
Return values
array<string|int, mixed>

getModuleData()

Gets module data for a module (from a loaded ->uc array)

public getModuleData(string $module[, string $type = '' ]) : mixed
Parameters
$module : string

Is the name of the module ($MCONF['name'])

$type : string = ''

If $type = 'ses' then module data is returned only if it was stored in the current session, otherwise data from a previous session will be returned (if available).

Return values
mixed

The module data if available: $this->uc['moduleData'][$module];

getOriginalUserIdWhenInSwitchUserMode()

On CLI there is no session and no switched user

public getOriginalUserIdWhenInSwitchUserMode() : int|null
Return values
int|null

The user id

getPagePermsClause()

Returns a WHERE-clause for the pages-table where user permissions according to input argument, $perms, is validated.

public getPagePermsClause(int $perms) : string

$perms is the "mask" used to select. Fx. if $perms is 1 then you'll get all pages that a user can actually see! 2^0 = show (1) 2^1 = edit (2) 2^2 = delete (4) 2^3 = new (8) If the user is 'admin' " 1=1" is returned (no effect) If the user is not set at all (->user is not an array), then " 1=0" is returned (will cause no selection results at all) The 95% use of this function is "->getPagePermsClause(1)" which will return WHERE clauses for selecting pages in backend listings - in other words this will check read permissions.

Parameters
$perms : int

Permission mask to use, see function description

Internal

should only be used from within TYPO3 Core, use PagePermissionDatabaseRestriction instead.

Return values
string

Part of where clause. Prefix " AND " to this.

getRawUserByName()

Fetching raw user record with username=$name

public getRawUserByName(string $name) : array<string|int, mixed>
Parameters
$name : string

The username to look up.

Internal
Tags
see
AbstractUserAuthentication::getUserByUid()
Return values
array<string|int, mixed>

user record or FALSE

getRawUserByUid()

Fetching raw user record with uid=$uid

public getRawUserByUid(int $uid) : array<string|int, mixed>
Parameters
$uid : int

The UID of the backend user to set in ->user

Internal
Return values
array<string|int, mixed>

user record or FALSE

getSessionData()

Returns the session data stored for $key.

public getSessionData(string $key) : mixed

The data will last only for this login session since it is stored in the user session.

Parameters
$key : string

The key associated with the session data

getTSConfig()

Returns full parsed user TSconfig array, merged with TSconfig from groups.

public getTSConfig() : array<string|int, mixed>

Example: [ 'options.' => [ 'fooEnabled' => '0', 'fooEnabled.' => [ 'tt_content' => 1, ], ], ]

Return values
array<string|int, mixed>

Parsed and merged user TSconfig array

initializeBackendLogin()

public initializeBackendLogin() : void
Internal

initializeUserSessionManager()

Currently needed for various unit tests, until start() and checkAuthentication() methods are smaller and extracted from this class.

public initializeUserSessionManager([UserSessionManager|null $userSessionManager = null ]) : void
Parameters
$userSessionManager : UserSessionManager|null = null
Internal

initializeWebmountsForElementBrowser()

Checks for alternative web mount points for the element browser.

public initializeWebmountsForElementBrowser() : mixed

If there is a temporary mount point active in the page tree it will be used.

If the User TSconfig options.pageTree.altElementBrowserMountPoints is not empty the pages configured there are used as web mounts If options.pageTree.altElementBrowserMountPoints.append is enabled, they are appended to the existing webmounts.

Internal
  • do not use in your own extension

isActiveLogin()

public isActiveLogin(ServerRequestInterface $request) : bool
Parameters
$request : ServerRequestInterface
Return values
bool

isAdmin()

Returns TRUE if user is admin Basically this function evaluates if the ->user[admin] field has bit 0 set. If so, user is admin.

public isAdmin() : bool
Return values
bool

isCookieSet()

Returns whether this request is going to set a cookie or a cookie was already found in the system

public isCookieSet() : bool
Return values
bool

Returns TRUE if a cookie is set

isExportEnabled()

Returns if export functionality is available for current user

public isExportEnabled() : bool
Internal
Return values
bool

isImportEnabled()

Returns if import functionality is available for current user

public isImportEnabled() : bool
Internal
Return values
bool

isInWebMount()

Checks if the page id or page record ($idOrRow) is found within the webmounts set up for the user.

public isInWebMount(int|array<string|int, mixed> $idOrRow[, string $readPerms = '' ][, bool|int|null $exitOnError = null ]) : int|null

This should ALWAYS be checked for any page id a user works with, whether it's about reading, writing or whatever. The point is that this will add the security that a user can NEVER touch parts outside his mounted pages in the page tree. This is otherwise possible if the raw page permissions allows for it. So this security check just makes it easier to make safe user configurations. If the user is admin then it returns "1" right away Otherwise the function will return the uid of the webmount which was first found in the rootline of the input page $id

Parameters
$idOrRow : int|array<string|int, mixed>

Page ID or full page record to check

$readPerms : string = ''

Content of "->getPagePermsClause(1)" (read-permissions). If not set, they will be internally calculated (but if you have the correct value right away you can save that database lookup!)

$exitOnError : bool|int|null = null

If set, then the function will exit with an error message. @deprecated will be removed in TYPO3 v12.0.

Tags
throws
RuntimeException
Return values
int|null

The page UID of a page in the rootline that matched a mount point

isMemberOfGroup()

Returns TRUE if the current user is a member of group $groupId $groupId must be set. $this->userGroupsUID must contain groups Will return TRUE also if the user is a member of a group through subgroups.

public isMemberOfGroup(int $groupId) : bool
Parameters
$groupId : int

Group ID to look for in $this->userGroupsUID

Internal

should only be used from within TYPO3 Core, use Context API for quicker access

Return values
bool

isMfaSetupRequired()

Evaluate whether the user is required to set up MFA, based on user TSconfig and global configuration

public isMfaSetupRequired() : bool
Internal
Return values
bool

isRefreshTimeBasedCookie()

Determine whether a non-session cookie needs to be set (lifetime>0)

public isRefreshTimeBasedCookie() : bool
Internal
Return values
bool

isRTE()

Returns TRUE if the RTE (Rich Text Editor) is enabled for the user.

public isRTE() : bool
Internal

should only be used from within TYPO3 Core

Return values
bool

isSetSessionCookie()

Determine whether a session cookie needs to be set (lifetime=0)

public isSetSessionCookie() : bool
Internal
Return values
bool

isSystemMaintainer()

Checks if the user is in the valid list of allowed system maintainers. if the list is not set, then all admins are system maintainers. If the list is empty, no one is system maintainer (good for production systems). If the currently logged in user is in "switch user" mode, this method will return false.

public isSystemMaintainer() : bool
Return values
bool

isUserAllowedToLogin()

Determines whether a CLI backend user is allowed to access TYPO3.

public isUserAllowedToLogin() : bool

Only when adminOnly is off (=0), and only allowed for admins and CLI users (=2)

Internal
Return values
bool

Whether the CLI user is allowed to access TYPO3

jsConfirmation()

Returns TRUE or FALSE, depending if an alert popup (a javascript confirmation) should be shown call like $GLOBALS['BE_USER']->jsConfirmation($BITMASK).

public jsConfirmation(int $bitmask) : bool
Parameters
$bitmask : int

Bitmask, one of \TYPO3\CMS\Core\Type\Bitmask\JsConfirmation

Tags
see
JsConfirmation
Return values
bool

TRUE if the confirmation should be shown

logoff()

Logs out the current user and clears the form protection tokens.

public logoff() : mixed

mayMakeShortcut()

Returns TRUE if the BE_USER is allowed to *create* shortcuts in the backend modules

public mayMakeShortcut() : bool
Return values
bool

modAccess()

Checks access to a backend module with the $MCONF passed as first argument

public modAccess(array<string|int, mixed> $conf) : bool
Parameters
$conf : array<string|int, mixed>

$MCONF array of a backend module!

Tags
throws
RuntimeException
Return values
bool

Will return TRUE if $MCONF['access'] is not set at all, if the BE_USER is admin or if the module is enabled in the be_users/be_groups records of the user (specifically enabled). Will return FALSE if the module name is not even found in $TBE_MODULES

overrideUC()

Override: Call this function every time the uc is updated.

public overrideUC() : mixed

That is 1) by reverting to default values, 2) in the setup-module, 3) userTS changes (userauthgroup)

Internal

processLoginData()

Processes Login data submitted by a form or params

public processLoginData(array<string|int, mixed> $loginData) : array<string|int, mixed>
Parameters
$loginData : array<string|int, mixed>

Login data array

Internal
Return values
array<string|int, mixed>

pushModuleData()

Stores data for a module.

public pushModuleData(string $module, mixed $data[, bool|int $noSave = 0 ]) : mixed

The data is stored with the session id so you can even check upon retrieval if the module data is from a previous session or from the current session.

Parameters
$module : string

Is the name of the module ($MCONF['name'])

$data : mixed

Is the data you want to store for that module (array, string, ...)

$noSave : bool|int = 0

If $noSave is set, then the ->uc array (which carries all kinds of user data) is NOT written immediately, but must be written by some subsequent call.

recordEditAccessInternals()

Checking if a user has editing access to a record from a $GLOBALS['TCA'] table.

public recordEditAccessInternals(string $table, int|array<string|int, mixed> $idOrRow[, bool $newRecord = false ][, bool $deletedRecord = false ][, bool $checkFullLanguageAccess = false ]) : bool

The checks does not take page permissions and other "environmental" things into account. It only deal with record internals; If any values in the record fields disallows it. For instance languages settings, authMode selector boxes are evaluated (and maybe more in the future). It will check for workspace dependent access. The function takes an ID (int) or row (array) as second argument.

Parameters
$table : string

Table name

$idOrRow : int|array<string|int, mixed>

If integer, then this is the ID of the record. If Array this just represents fields in the record.

$newRecord : bool = false

Set, if testing a new (non-existing) record array. Will disable certain checks that doesn't make much sense in that context.

$deletedRecord : bool = false

Set, if testing a deleted record array.

$checkFullLanguageAccess : bool = false

Set, whenever access to all translations of the record is required

Internal

should only be used from within TYPO3 Core

Return values
bool

TRUE if OK, otherwise FALSE

removeCookie()

Empty / unset the cookie

public removeCookie([string|null $cookieName = null ]) : mixed
Parameters
$cookieName : string|null = null

usually, this is $this->name

resetUC()

Clears the user[uc] and ->uc to blank strings. Then calls ->backendSetUC() to fill it again with reset contents

public resetUC() : mixed
Internal

returnWebmounts()

Returns an array with the webmounts.

public returnWebmounts() : array<string|int, mixed>

If no webmounts, and empty array is returned. Webmounts permissions are checked in fetchGroupData()

Return values
array<string|int, mixed>

of web mounts uids (may include '0')

setAndSaveSessionData()

Sets the session data ($data) for $key and writes all session data (from ->user['ses_data']) to the database.

public setAndSaveSessionData(string $key, mixed $data) : mixed

The data will last only for this login session since it is stored in the session table.

Parameters
$key : string

Pointer to an associative key in the session data array which is stored serialized in the field "ses_data" of the session table.

$data : mixed

The data to store in index $key

setBeUserByUid()

Raw initialization of the be_user with uid=$uid This will circumvent all login procedures and select a be_users record from the database and set the content of ->user to the record selected.

public setBeUserByUid(int $uid) : mixed

Thus the BE_USER object will appear like if a user was authenticated - however without a session id and the fields from the session table of course. Will check the users for disabled, start/endtime, etc. ($this->user_where_clause())

Parameters
$uid : int

The UID of the backend user to set in ->user

Internal

setDefaultWorkspace()

Sets the default workspace in the context of the current backend user.

public setDefaultWorkspace() : mixed
Internal

should only be used from within TYPO3 Core

setSessionData()

Set session data by key.

public setSessionData(string $key, mixed $data) : mixed

The data will last only for this login session since it is stored in the user session.

Parameters
$key : string

A non empty string to store the data under

$data : mixed

Data store store in session

setTemporaryWorkspace()

Sets a temporary workspace in the context of the current backend user.

public setTemporaryWorkspace(int $workspaceId) : bool
Parameters
$workspaceId : int
Internal

should only be used from within TYPO3 Core

Return values
bool

setWebmounts()

Initializes the given mount points for the current Backend user.

public setWebmounts(array<string|int, mixed> $mountPointUids[, bool $append = false ]) : mixed
Parameters
$mountPointUids : array<string|int, mixed>

Page UIDs that should be used as web mountpoints

$append : bool = false

If TRUE the given mount point will be appended. Otherwise the current mount points will be replaced.

setWorkspace()

Setting workspace ID

public setWorkspace(int $workspaceId) : mixed
Parameters
$workspaceId : int

ID of workspace to set for backend user. If not valid the default workspace for BE user is found and set.

Internal

should only be used from within TYPO3 Core

shallDisplayDebugInformation()

Returns whether debug information shall be displayed to the user

public shallDisplayDebugInformation() : bool
Internal
Return values
bool

start()

Replacement for AbstractUserAuthentication::start()

public start([ServerRequestInterface|null $request = null ]) : mixed

We do not need support for sessions, cookies, $_GET-modes, the postUserLookup hook or a database connection during CLI Bootstrap

Parameters
$request : ServerRequestInterface|null = null

unpack_uc()

Sets $theUC as the internal variable ->uc IF $theUC is an array.

public unpack_uc([mixed $theUC = '' ]) : mixed

If $theUC is FALSE, the 'uc' content from the ->user array will be unserialized and restored in ->uc

Parameters
$theUC : mixed = ''

If an array, then set as ->uc, otherwise load from user record @deprecated will be removed in TYPO3 v12.0.

workspaceAllowsLiveEditingInTable()

Checks if a record is allowed to be edited in the current workspace.

public workspaceAllowsLiveEditingInTable(string $table) : bool

This is not bound to an actual record, but to the mere fact if the user is in a workspace and depending on the table settings.

Parameters
$table : string
Internal

should only be used from within TYPO3 Core

Return values
bool

workspaceCanCreateNewRecord()

Evaluates if a record from $table can be created. If the table is not set up for versioning, and the "live edit" flag of the page is set, return false. In live workspace this is always true, as all records can be created in live workspace

public workspaceCanCreateNewRecord(string $table) : bool
Parameters
$table : string

Table name

Internal

should only be used from within TYPO3 Core

Return values
bool

workspaceCheckStageForCurrent()

Checks if an element stage allows access for the user in the current workspace In live workspace (= 0) access is always granted for any stage.

public workspaceCheckStageForCurrent(int $stage) : bool

Admins are always allowed. An option for custom workspaces allows members to also edit when the stage is "Review"

Parameters
$stage : int

Stage id from an element: -1,0 = editing, 1 = reviewer, >1 = owner

Internal

should only be used from within TYPO3 Core

Return values
bool

TRUE if user is allowed access

workspaceInit()

Initializing workspace.

public workspaceInit() : mixed

Called from within this function, see fetchGroupData()

Internal

should only be used from within TYPO3 Core

Tags
see
fetchGroupData()

workspacePublishAccess()

Returns TRUE if the user has access to publish content from the workspace ID given.

public workspacePublishAccess(int $wsid) : bool

Admin-users are always granted access to do this If the workspace ID is 0 (live) all users have access also For custom workspaces it depends on whether the user is owner OR like with draft workspace if the user has access to Live workspace.

Parameters
$wsid : int

Workspace UID; 0,1+

Internal

this method will be moved to EXT:workspaces

Return values
bool

Returns TRUE if the user has access to publish content from the workspace ID given.

writelog()

Writes an entry in the logfile/table Documentation in "TYPO3 Core API"

public writelog(int $type, int $action, int $error, int $details_nr, string $details, array<string|int, mixed> $data[, string $tablename = '' ][, int|string $recuid = '' ][, int|string $recpid = '' ][, int $event_pid = -1 ][, string $NEWid = '' ][, int $userId = 0 ]) : int
Parameters
$type : int

Denotes which module that has submitted the entry. See "TYPO3 Core API". Use "4" for extensions.

$action : int

Denotes which specific operation that wrote the entry. Use "0" when no sub-categorizing applies

$error : int

Flag. 0 = message, 1 = error (user problem), 2 = System Error (which should not happen), 3 = security notice (admin)

$details_nr : int

The message number. Specific for each $type and $action. This will make it possible to translate errormessages to other languages

$details : string

Default text that follows the message (in english!). Possibly translated by identification through type/action/details_nr

$data : array<string|int, mixed>

Data that follows the log. Might be used to carry special information. If an array the first 5 entries (0-4) will be sprintf'ed with the details-text

$tablename : string = ''

Table name. Special field used by tce_main.php.

$recuid : int|string = ''

Record UID. Special field used by tce_main.php.

$recpid : int|string = ''

Record PID. Special field used by tce_main.php. OBSOLETE

$event_pid : int = -1

The page_uid (pid) where the event occurred. Used to select log-content for specific pages.

$NEWid : string = ''

Special field used by tce_main.php. NEWid string of newly created records.

$userId : int = 0

Alternative Backend User ID (used for logging login actions where this is not yet known).

Return values
int

Log entry ID.

writeUC()

This writes $variable to the user-record. This is a way of providing session-data.

public writeUC([array<string|int, mixed>|string $variable = '' ]) : mixed

You can fetch the data again through $this->uc in this class! If $variable is not an array, $this->uc is saved!

Parameters
$variable : array<string|int, mixed>|string = ''

An array you want to store for the user as session data. If $variable is not supplied (is null), the internal variable, ->uc, is stored by default @deprecated will be removed in TYPO3 v12.0.

checkIfCliUserExists()

Check if a user with username "_cli_" exists. Deleted users are left out but hidden and start / endtime restricted users are considered.

protected checkIfCliUserExists() : bool
Return values
bool

true if the user exists

createCliUser()

Create a record in the DB table be_users called "_cli_" with no other information

protected createCliUser() : mixed

evaluateMfaRequirements()

This method checks if the user is authenticated but has not succeeded in passing his MFA challenge. This method can therefore only be used if a user has been authenticated against his first authentication method (username+password or any other authentication token).

protected evaluateMfaRequirements() : void
Internal

fetchValidUserFromSessionOrDestroySession()

If the session is bound to a user, this method fetches the user record, and returns it.

protected fetchValidUserFromSessionOrDestroySession([bool $skipSessionUpdate = false ]) : array<string|int, mixed>|null

If the session has a timeout, the session date is extended if needed. Also the ìs_online flag is updated for the user.

However, if the session has expired the session is removed and the request is treated as an anonymous session.

Parameters
$skipSessionUpdate : bool = false
Return values
array<string|int, mixed>|null

filterValidWebMounts()

Checking read access to web mounts, but keeps "0" or empty strings.

protected filterValidWebMounts(string $listOfWebMounts) : array<string|int, mixed>

In any case, checks if the list of pages is visible for the backend user but also if the page is not deleted.

Parameters
$listOfWebMounts : string

a comma-separated list of webmounts, could also be empty, or contain "0"

Return values
array<string|int, mixed>

a list of all valid web mounts the user has access to

generateHashedPassword()

This function returns a salted hashed key.

protected generateHashedPassword() : string
Return values
string

a random password

getAuthServiceConfiguration()

"auth" services configuration array from $GLOBALS['TYPO3_CONF_VARS']['SVCONF']['auth']

protected getAuthServiceConfiguration() : array<string|int, mixed>
Return values
array<string|int, mixed>

getAuthServices()

Initializes authentication services to be used in a foreach loop

protected getAuthServices(string $subType, array<string|int, mixed> $loginData, array<string|int, mixed> $authInfo) : Traversable
Parameters
$subType : string

e.g. getUserFE

$loginData : array<string|int, mixed>
$authInfo : array<string|int, mixed>
Return values
Traversable

A generator of service objects

getCookie()

Get the value of a specified cookie.

protected getCookie(string $cookieName) : string
Parameters
$cookieName : string

The cookie ID

Return values
string

The value stored in the cookie

getCookieDomain()

Gets the domain to be used on setting cookies.

protected getCookieDomain() : string

The information is taken from the value in $GLOBALS['TYPO3_CONF_VARS']['SYS']['cookieDomain'].

Return values
string

The domain to be used on setting cookies

handleLoginFailure()

Implement functionality when there was a failed login

protected handleLoginFailure() : void

hasEditAccessToLiveWorkspace()

Checks if the user (or the group) has the workspace_perms set to 1 in order to allow editing records in live workspace.

protected hasEditAccessToLiveWorkspace() : bool
Return values
bool

initializeDbMountpointsInWorkspace()

Limiting the DB mountpoints if there any selected in the workspace record

protected initializeDbMountpointsInWorkspace() : mixed

initializeFileStorages()

Sets up all file storages for a user.

protected initializeFileStorages() : mixed

Needs to be called AFTER the groups have been loaded.

performLogoff()

Perform the logoff action. Called from logoff() as a way to allow subclasses to override what happens when a user logs off, without needing to reproduce the hook calls and logging that happens in the public logoff() API method.

protected performLogoff() : mixed

prepareUserTsConfig()

This method parses the UserTSconfig from the current user and all their groups.

protected prepareUserTsConfig() : void

If the contents are the same, parsing is skipped. No matching is applied here currently.

regenerateSessionId()

Regenerate the session ID and transfer the session to new ID Call this method whenever a user proceeds to a higher authorization level e.g. when an anonymous session is now authenticated.

protected regenerateSessionId() : mixed

releaseLockedRecords()

Remove any "locked records" added for editing for the given user (= current backend user)

protected releaseLockedRecords(int $userId) : mixed
Parameters
$userId : int

removeSensitiveLoginDataForLoggingInfo()

Removes any sensitive data from the incoming data (either from loginData, processedLogin data or the user record from the DB).

protected removeSensitiveLoginDataForLoggingInfo(mixed|array<string|int, mixed> $data[, bool $isUserRecord = false ]) : mixed

No type hinting is added because it might be possible that the incoming data is of any other type.

Parameters
$data : mixed|array<string|int, mixed>
$isUserRecord : bool = false

setSessionCookie()

Sets the session cookie for the current disposal.

protected setSessionCookie() : mixed

updateLoginTimestamp()

Updates the last login column in the user with the given id

protected updateLoginTimestamp(int $userId) : mixed
Parameters
$userId : int

        
On this page

Search results