FrontendBackendUserAuthentication extends FrontendBackendUserAuthentication

TYPO3 backend user authentication in the Frontend rendering.


since TYPO3 v13, will be removed in TYPO3 v14

ROLE_SYSTEMMAINTAINER  = 'systemMaintainer'


$checkPid  : bool
If set, the user-record must be stored at the page defined by $checkPid_value
$checkPid_value  : int|string|null
The page id the user record must be stored at, can also hold a comma separated list of pids
$enablecolumns  : array<string|int, mixed>
Enable field columns of user table
$errorMsg  : string
Contains last error message
$firstMainGroup  : int
$groupData  : array<string|int, mixed>
holds lists of eg. tables, fields and other values related to the permission-system. See fetchGroupData
$lastLogin_column  : string
Column name for last login timestamp
$loginType  : string
Login type, used for services.
$name  : string
Session/Cookie name
$uc  : array<string|int, mixed>
User Settings (= preferences)
$uc_default  : array<string|int, mixed>
User Config Default values: The array may contain other fields for configuration.
$user  : array<string|int, mixed>|null
$user_table  : string
Table in database with user data
$usergroup_column  : string
Should be set to the usergroup-column (id-list) in the user-record
$usergroup_table  : string
The name of the group-table
$userGroups  : array<string|int, mixed>
This array will hold the groups that the user is a member of
$userGroupsUID  : array<string|int, mixed>
This array holds the uid's of the groups in the listed order
$userid_column  : string
Column for user-id
$userident_column  : string
Column for password
$username_column  : string
Column for login-name
$workspace  : int
User workspace.
$workspaceRec  : array<string|int, mixed>
Custom workspace record if any
$writeAttemptLog  : bool
If the writelog() functions is called if a login-attempt has be tried without success.
$writeStdLog  : bool
Decides if the writelog() function is called at login and logout.
$checkWorkspaceCurrent_cache  : array<string|int, mixed>|null
Cache for checkWorkspaceCurrent()
$dontSetCookie  : bool
Will prevent the setting of the session cookie
$filePermissions  : array<string|int, mixed>|null
$fileStorages  : array<string|int, ResourceStorage>
$formfield_status  : string
Formfield_status should be set to "". The value this->formfield_status is set to empty in order to disable login-attempts to the backend account through this script
$formfield_uident  : string
Form field with password.
$formfield_uname  : string
Form field with login name.
$loginSessionStarted  : bool
Will be set to TRUE if the login session is actually written during auth-check.
$setCookie  : SetCookieBehavior
If set, this cookie will be set to the response.
$userSession  : UserSession|null
$userSessionManager  : UserSessionManager
$userTsConfig  : UserTsConfig|null
$userTSUpdated  : bool
True if the user TSconfig was parsed and needs to be cached.


__construct()  : mixed
appendCookieToResponse()  : ResponseInterface
Used to apply a cookie to a PSR-7 Response.
backendCheckLogin()  : bool
Implementing the access checks that the TYPO3 CMS bootstrap script does before a user is ever logged in.
backendSetUC()  : mixed
Initialize the internal ->uc array for the backend user (UC - user configuration is a serialized array inside the user object). Will make the overrides if necessary, and write the UC back to the be_users record if changes has happened.
calcPerms()  : int
Returns a combined binary representation of the current users permissions for the page-record, $row.
check()  : bool
Returns TRUE if the $value is found in the list in a $this->groupData[] index pointed to by $type (array key).
checkAuthentication()  : mixed
Checks if a submission of username and password is present or use other authentication by auth services
checkAuthMode()  : bool
Checking the authMode of a select field with authMode set
checkFullLanguagesAccess()  : bool
Check if user has access to all existing localizations for a certain record
checkLanguageAccess()  : bool
Checking if a language value (-1, 0 and >0) is allowed to be edited by the user.
checkWorkspace()  : array<string|int, mixed>|false
Checking if a workspace is allowed for backend user
createUserSession()  : UserSession
Creates a user session record and returns its values.
doesUserHaveAccess()  : bool
Checks if the permissions is granted based on a page-record ($row) and $perms (binary and'ed)
enforceNewSessionId()  : mixed
Regenerates the session ID and sets the cookie again.
evaluateUserSpecificFileFilterSettings()  : mixed
Adds filters based on what the user has set this should be done in this place, and called whenever needed, but only when needed
fetchGroupData()  : mixed
Initializes a lot of stuff like the access-lists, database-mountpoints and filemountpoints This method is called by ->backendCheckLogin() (from extending BackendUserAuthentication) if the backend user login has verified OK.
getAuthInfoArray()  : array<string|int, mixed>
Returns an info array which provides additional information for auth services
getCategoryMountPoints()  : array<string|int, mixed>
Returns an array of category mount points. The category permissions from BE Groups are also taken into consideration and are merged into User permissions.
getCookieName()  : string
Returns the configured cookie name
getFileMountRecords()  : array<string|int, mixed>
Returns an array of file mount records, taking workspaces and user home and group home directories into account Needs to be called AFTER the groups have been loaded.
getFilePermissions()  : array<string|int, mixed>
Returns the information about file permissions.
getFileStorages()  : array<string|int, ResourceStorage>
Returns an array with the filemounts for the user.
getLoginFormData()  : array<string|int, mixed>
Returns an info array with Login/Logout data submitted by a form or params
getModuleData()  : mixed
Gets module data for a module (from a loaded ->uc array)
getOriginalUserIdWhenInSwitchUserMode()  : int|null
Returns the uid of the backend user to return to.
getPagePermsClause()  : string
Returns a WHERE-clause for the pages-table where user permissions according to input argument, $perms, is validated.
getRawUserByName()  : array<string|int, mixed>
Fetching raw user record with username=$name
getRawUserByUid()  : array<string|int, mixed>
Fetching raw user record with uid=$uid
getSession()  : UserSession
getSessionData()  : mixed
Returns the session data stored for $key.
getTSConfig()  : array<string|int, mixed>
Returns full parsed user TSconfig array, merged with TSconfig from groups.
getUserId()  : int|null
getUserName()  : string|null
getUserTsConfig()  : UserTsConfig|null
Return the full user TSconfig object instead of just the array as in getTSConfig()
getWebmounts()  : array<int, int>
Returns an unique array with the webmounts.
handleUserLoggedIn()  : void
Is called after a user has sucesfully logged in. So either by using only one factor (e.g. username/password) or after the multi-factor authentication process has been passed.
initializeBackendLogin()  : void
initializeUserSessionManager()  : void
Currently needed for various unit tests, until start() and checkAuthentication() methods are smaller and extracted from this class.
initializeWebmountsForElementBrowser()  : mixed
Checks for alternative web mount points for the element browser.
isActiveLogin()  : bool
isAdmin()  : bool
Returns TRUE if user is admin Basically this function evaluates if the ->user[admin] field has bit 0 set. If so, user is admin.
isExportEnabled()  : bool
Returns if export functionality is available for current user
isImportEnabled()  : bool
Returns if import functionality is available for current user
isInWebMount()  : int|null
Checks if the page id or page record ($idOrRow) is found within the webmounts set up for the user.
isMfaSetupRequired()  : bool
Evaluate whether the user is required to set up MFA, based on user TSconfig and global configuration
isSystemMaintainer()  : bool
Checks if the user is in the valid list of allowed system maintainers. if the list is not set, then all admins are system maintainers. If the list is empty, no one is system maintainer (good for production systems). If the currently logged in user is in "switch user" mode, this method will return false.
isUserAllowedToLogin()  : bool
Determines whether a backend user is allowed to access the backend.
jsConfirmation()  : bool
Returns TRUE or FALSE, depending if an alert popup (a javascript confirmation) should be shown call like $GLOBALS['BE_USER']->jsConfirmation($BITMASK).
logoff()  : mixed
Logs out the current user and clears the form protection tokens.
mayMakeShortcut()  : bool
Returns TRUE if the BE_USER is allowed to *create* shortcuts in the backend modules
overrideUC()  : mixed
Override: Call this function every time the uc is updated.
processLoginData()  : array<string|int, mixed>
Processes Login data submitted by a form or params
pushModuleData()  : void
Stores data for a module.
recordEditAccessInternals()  : bool
Checking if a user has editing access to a record from a $GLOBALS['TCA'] table.
removeCookie()  : mixed
Empty / unset the cookie
resetUC()  : mixed
Clears the user[uc] and ->uc to blank strings. Then calls ->backendSetUC() to fill it again with reset contents
returnWebmounts()  : array<int, numeric-string>
Returns an array with the webmounts.
setAndSaveSessionData()  : mixed
Sets the session data ($data) for $key and writes all session data (from ->user['ses_data']) to the database.
setBeUserByName()  : mixed
Raw initialization of the be_user with username=$name
setBeUserByUid()  : mixed
Raw initialization of the be_user with uid=$uid This will circumvent all login procedures and select a be_users record from the database and set the content of ->user to the record selected.
setSessionData()  : mixed
Set session data by key.
setTemporaryWorkspace()  : bool
Sets a temporary workspace in the context of the current backend user.
setWebmounts()  : mixed
Initializes the given mount points for the current Backend user.
setWorkspace()  : mixed
Setting workspace ID
shallDisplayDebugInformation()  : bool
Returns whether debug information shall be displayed to the user
start()  : mixed
Starts a user session Typical configurations will: a) check if session cookie was set and if not, set one, b) check if a password/username was sent and if so, try to authenticate the user c) Lookup a session attached to a user and check timeout etc.
workspaceAllowsLiveEditingInTable()  : bool
Checks if a record is allowed to be edited in the current workspace.
workspaceCanCreateNewRecord()  : bool
Evaluates if a record from $table can be created. If the table is not set up for versioning, and the "live edit" flag of the page is set, return false. In live workspace this is always true, as all records can be created in live workspace
workspaceCheckStageForCurrent()  : bool
Checks if an element stage allows access for the user in the current workspace In live workspace (= 0) access is always granted for any stage.
writelog()  : int
Writes an entry in the logfile/table Documentation in "TYPO3 Core API"
writeUC()  : mixed
This writes $this->>uc to the user-record. This is a way of providing session-data.
checkWorkspaceCurrent()  : false|array<string|int, mixed>|null
Uses checkWorkspace() to check if current workspace is available for user.
evaluateMfaRequirements()  : void
This method checks if the user is authenticated but has not succeeded in passing his MFA challenge. This method can therefore only be used if a user has been authenticated against his first authentication method (username+password or any other authentication token).
fetchPossibleUsers()  : array<string|int, mixed>
Loads users from various sources (= authentication services) as an array of arrays.
fetchValidUserFromSessionOrDestroySession()  : array<string|int, mixed>|null
If the session is bound to a user, this method fetches the user record, and returns it.
filterValidWebMounts()  : array<string|int, mixed>
Checking read access to web mounts, but keeps "0" or empty strings.
getAuthServiceConfiguration()  : array<string|int, mixed>
"auth" services configuration array from $GLOBALS['TYPO3_CONF_VARS']['SVCONF']['auth']
getAuthServices()  : Traversable
Initializes authentication services to be used in a foreach loop
getDefaultWorkspace()  : int
Return default workspace ID for user, if EXT:workspaces is not installed the user will be pushed to the Live workspace, if he has access to. If no workspace is available for the user, the workspace ID is set to "-99"
hasEditAccessToLiveWorkspace()  : bool
If a user is in a workspace, but previews the live workspace (GET keyword "LIVE") even if the user has no editing permissions for this, it should still be visible, even though "be_users.workspace_perms" is set to "0".
initializeDbMountpointsInWorkspace()  : mixed
Limiting the DB mountpoints if there are any selected in the workspace record
initializeFileStorages()  : mixed
Sets up all file storages for a user.
isCookieSet()  : bool
Returns whether this request is going to set a cookie or a cookie was already found in the system
isMemberOfGroup()  : bool
Returns TRUE if the current user is a member of group $groupId $groupId must be set. $this->userGroupsUID must contain groups Will return TRUE also if the user is a member of a group through subgroups.
isRefreshTimeBasedCookie()  : bool
Determine whether a non-session cookie needs to be set (lifetime>0)
isSetSessionCookie()  : bool
Determine whether a session cookie needs to be set (lifetime=0)
performLogoff()  : mixed
Perform the logoff action. Called from logoff() as a way to allow subclasses to override what happens when a user logs off, without needing to reproduce the hook calls and logging that happens in the public logoff() API method.
prepareUserTsConfig()  : void
Parse user TSconfig from current user and its groups and set it as $this->userTS.
regenerateSessionId()  : mixed
Regenerate the session ID and transfer the session to new ID Call this method whenever a user proceeds to a higher authorization level e.g. when an anonymous session is now authenticated.
releaseLockedRecords()  : mixed
Remove any "locked records" added for editing for the given user (= current backend user)
removeSensitiveLoginDataForLoggingInfo()  : mixed
Removes any sensitive data from the incoming data (either from loginData, processedLogin data or the user record from the DB).
setDefaultWorkspace()  : void
Sets the default workspace in the context of the current backend user.
setSessionCookie()  : mixed
Sets the setCookie directive to "Send", which will then result in appending a new cookie to the PSR-7 response, see appendCookieToResponse().
shallSetSessionCookie()  : bool
Determines whether setting the session cookie is generally enabled, or the current session is a non-session cookie (FE permalogin).
unpack_uc()  : mixed
Unserializes the user configuration from the user record into $this->>uc
updateLoginTimestamp()  : mixed
Updates the last login column in the user with the given id
userConstraints()  : QueryRestrictionContainerInterface
This returns the restrictions needed to select the user respecting enable columns and flags like deleted, hidden, starttime, endtime and rootLevel
workspaceInit()  : void
Initializing workspace settings after all TSconfig has been parsed.



Should vanish, see todo below.




