9.5/_frontend_backend_user_authentication_8php_source.html

<?php

namespace ‪TYPO3\CMS\Backend;


/*

 * This file is part of the TYPO3 CMS project.

 *

 * It is free software; you can redistribute it and/or modify it under

 * the terms of the GNU General Public License, either version 2

 * of the License, or any later version.

 *

 * For the full copyright and license information, please read the

 * LICENSE.txt file that was distributed with this source code.

 *

 * The TYPO3 project - inspiring people to share!

 */


use ‪TYPO3\CMS\Backend\Utility\BackendUtility;

use ‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication;

use ‪TYPO3\CMS\Core\Context\Context;

use ‪TYPO3\CMS\Core\Context\LanguageAspect;

use ‪TYPO3\CMS\Core\Database\ConnectionPool;

use ‪TYPO3\CMS\Core\Database\Query\QueryBuilder;

use ‪TYPO3\CMS\Core\Database\Query\QueryHelper;

use ‪TYPO3\CMS\Core\Database\Query\Restriction\DeletedRestriction;

use ‪TYPO3\CMS\Core\Localization\LanguageService;

use ‪TYPO3\CMS\Core\Type\Bitmask\Permission;

use ‪TYPO3\CMS\Core\Utility\GeneralUtility;


class ‪FrontendBackendUserAuthentication extends ‪BackendUserAuthentication

{


    public ‪$formfield_uname = '';


    public ‪$formfield_uident = '';


    public ‪$formfield_status = '';


    public ‪$writeStdLog = false;


    public ‪$writeAttemptLog = false;


    public ‪$extAdmEnabled = false;


    public ‪$adminPanel;


    public ‪$frontendEdit;


    public ‪$extAdminConfig = [];


    public function ‪initializeAdminPanel()

    {

        trigger_error('FrontendBackendUserAuthentication->initializeAdminPanel() will be removed in TYPO3 v10.0 - initialization is done via middleware.', E_USER_DEPRECATED);

    }


    public function ‪initializeFrontendEdit()

    {

        trigger_error('FrontendBackendUserAuthentication->initializeFrontendEdit() will be removed in TYPO3 v10.0 - initialization is done via middleware.', E_USER_DEPRECATED);

    }


    public function ‪isFrontendEditingActive()

    {

        trigger_error('FrontendBackendUserAuthentication->isFrontendEditingActive() will be removed in TYPO3 v10.0 - use underlying TSFE directly.', E_USER_DEPRECATED);

        return $this->extAdmEnabled && (

            $this->adminPanel->isAdminModuleEnabled('edit') ||

            (int)‪$GLOBALS['TSFE']->displayEditIcons === 1 ||

            (int)‪$GLOBALS['TSFE']->displayFieldEditIcons === 1

        );

    }


    public function ‪displayAdminPanel()

    {

        trigger_error('FrontendBackendUserAuthentication->displayAdminPanel() will be removed in TYPO3 v10.0 - use MainController of adminpanel extension.', E_USER_DEPRECATED);

        return $this->adminPanel->display();

    }


    public function ‪isAdminPanelVisible()

    {

        trigger_error('FrontendBackendUserAuthentication->isAdminPanelVisible() will be removed in TYPO3 v10.0 - use new adminpanel API instead.', E_USER_DEPRECATED);

        return $this->extAdmEnabled && !$this->extAdminConfig['hide'] && ‪$GLOBALS['TSFE']->config['config']['admPanel'];

    }


    /*****************************************************

     *

     * TSFE BE user Access Functions

     *

     ****************************************************/

    public function ‪checkBackendAccessSettingsFromInitPhp()

    {

        trigger_error('FrontendBackendUserAuthentication->checkBackendAccessSettingsFromInitPhp() will be removed in TYPO3 v10.0. Use a PSR-15 middleware and backendCheckLogin() instead.', E_USER_DEPRECATED);

        // Check Hardcoded lock on BE

        if (‪$GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'] < 0) {

            return false;

        }

        // Check IP

        if (trim(‪$GLOBALS['TYPO3_CONF_VARS']['BE']['IPmaskList'])) {

            if (!GeneralUtility::cmpIP(GeneralUtility::getIndpEnv('REMOTE_ADDR'), ‪$GLOBALS['TYPO3_CONF_VARS']['BE']['IPmaskList'])) {

                return false;

            }

        }

        // Check IP mask based on TSconfig

        if (!$this->‪checkLockToIP()) {

            return false;

        }

        // Check SSL (https)

        if ((bool)‪$GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSL'] && !GeneralUtility::getIndpEnv('TYPO3_SSL')) {

            return false;

        }

        // Finally a check as in BackendUserAuthentication::backendCheckLogin()

        return $this->‪isUserAllowedToLogin();

    }


    public function ‪backendCheckLogin($proceedIfNoUserIsLoggedIn = false)

    {

        if (empty($this->user['uid'])) {

            return false;

        }

        // Check Hardcoded lock on BE

        if (‪$GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'] < 0) {

            return false;

        }

        // Check IP mask based on TSconfig

        if (!$this->‪checkLockToIP()) {

            return false;

        }

        return $this->‪isUserAllowedToLogin();

    }


    public function ‪extPageReadAccess($pageRec)

    {

        trigger_error('FrontendBackendUserAuthentication->extPageReadAccess() will be removed in TYPO3 v10.0.', E_USER_DEPRECATED);

        return $this->‪isInWebMount($pageRec['uid']) && $this->‪doesUserHaveAccess($pageRec, ‪Permission::PAGE_SHOW);

    }


    /*****************************************************

     *

     * TSFE BE user Access Functions

     *

     ****************************************************/

    public function ‪extGetTreeList(‪$id, $depth, $begin = 0, $perms_clause)

    {

        trigger_error('FrontendBackendUserAuthentication->extGetTreeList() will be removed in TYPO3 v10.0.', E_USER_DEPRECATED);

        $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)

            ->getQueryBuilderForTable('pages');


        $queryBuilder->getRestrictions()

            ->removeAll()

            ->add(GeneralUtility::makeInstance(DeletedRestriction::class));


        $depth = (int)$depth;

        $begin = (int)$begin;

        ‪$id = (int)‪$id;

        $theList = '';

        if (‪$id && $depth > 0) {

            $result = $queryBuilder

                ->select('uid', 'title')

                ->from('pages')

                ->where(

                    $queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter(‪$id, \PDO::PARAM_INT)),

                    $queryBuilder->expr()->eq('sys_language_uid', 0),

                    ‪QueryHelper::stripLogicalOperatorPrefix($perms_clause)

                )

                ->execute();

            while ($row = $result->fetch()) {

                if ($begin <= 0) {

                    $theList .= $row['uid'] . ',';

                }

                if ($depth > 1) {

                    $theList .= $this->‪extGetTreeList($row['uid'], $depth - 1, $begin - 1, $perms_clause);

                }

            }

        }

        return $theList;

    }


    public function ‪allowedToEditLanguage($table, array $currentRecord): bool

    {

        // If no access right to record languages, return immediately

        $languageAspect = GeneralUtility::makeInstance(Context::class)->getAspect('language');

        if ($table === 'pages') {

            $languageId = $languageAspect->getId();

        } elseif ($table === 'tt_content') {

            $languageId = $languageAspect->getContentId();

        } elseif (‪$GLOBALS['TCA'][$table]['ctrl']['languageField']) {

            $languageId = $currentRecord[‪$GLOBALS['TCA'][$table]['ctrl']['languageField']];

        } else {

            $languageId = -1;

        }

        return $this->‪checkLanguageAccess($languageId);

    }


    public function ‪allowedToEdit(string $table, array $dataArray, array $conf, bool $checkEditAccessInternals): bool

    {

        // Unless permissions specifically allow it, editing is not allowed.

        $mayEdit = false;

        if ($checkEditAccessInternals) {

            $editAccessInternals = $this->‪recordEditAccessInternals($table, $dataArray, false, false);

        } else {

            $editAccessInternals = true;

        }

        if ($editAccessInternals) {

            $restrictEditingToRecordsOfCurrentPid = !empty($conf['onlyCurrentPid'] ?? false);

            if ($this->‪isAdmin()) {

                $mayEdit = true;

            } elseif ($table === 'pages') {

                if ($this->‪doesUserHaveAccess($dataArray, ‪Permission::PAGE_EDIT)) {

                    $mayEdit = true;

                }

            } else {

                $pageOfEditableRecord = ‪BackendUtility::getRecord('pages', $dataArray['pid']);

                if ($this->‪doesUserHaveAccess($pageOfEditableRecord, ‪Permission::CONTENT_EDIT) && !$restrictEditingToRecordsOfCurrentPid) {

                    $mayEdit = true;

                }

            }

            // Check the permission of the "pid" that should be accessed, if not disabled.

            if (!$restrictEditingToRecordsOfCurrentPid || $dataArray['pid'] == ‪$GLOBALS['TSFE']->id) {

                // Permissions

                if ($table === 'pages') {

                    $allow = $this->‪getAllowedEditActions($table, $conf, $dataArray['pid']);

                    // Can only display editbox if there are options in the menu

                    if (!empty($allow)) {

                        $mayEdit = true;

                    }

                } else {

                    $perms = $this->‪calcPerms(‪$GLOBALS['TSFE']->page);

                    $types = GeneralUtility::trimExplode(',', strtolower($conf['allow']), true);

                    $allow = array_flip($types);

                    $mayEdit = !empty($allow) && $perms & ‪Permission::CONTENT_EDIT;

                }

            }

        }

        return $mayEdit;

    }


    public function ‪getAllowedEditActions($table, array $conf, $pid): array

    {

        $types = GeneralUtility::trimExplode(',', strtolower($conf['allow']), true);

        $allow = array_flip($types);

        if (!$conf['onlyCurrentPid'] || $pid == ‪$GLOBALS['TSFE']->id) {

            // Permissions

            $types = GeneralUtility::trimExplode(',', strtolower($conf['allow']), true);

            $allow = array_flip($types);

            $perms = $this->‪calcPerms(‪$GLOBALS['TSFE']->page);

            if ($table === 'pages') {

                // Rootpage

                if (count(‪$GLOBALS['TSFE']->config['rootLine']) === 1) {

                    unset($allow['move']);

                    unset($allow['hide']);

                    unset($allow['delete']);

                }

                if (!($perms & ‪Permission::PAGE_EDIT) || !$this->‪checkLanguageAccess(0)) {

                    unset($allow['edit']);

                    unset($allow['move']);

                    unset($allow['hide']);

                }

                if (!($perms & ‪Permission::PAGE_DELETE)) {

                    unset($allow['delete']);

                }

                if (!($perms & ‪Permission::PAGE_NEW)) {

                    unset($allow['new']);

                }

            }

        }

        return $allow;

    }


    /*****************************************************

     *

     * Localization handling

     *

     ****************************************************/

    public function ‪extGetLL($key)

    {

        trigger_error('FrontendBackendUserAuthentication->extGetLL() will be removed in TYPO3 v10.0.', E_USER_DEPRECATED);

        if (!is_array(‪$GLOBALS['LOCAL_LANG'])) {

            $this->‪getLanguageService()->‪includeLLFile('EXT:core/Resources/Private/Language/locallang_tsfe.xlf');

            if (!is_array(‪$GLOBALS['LOCAL_LANG'])) {

                ‪$GLOBALS['LOCAL_LANG'] = [];

            }

        }

        return htmlspecialchars($this->‪getLanguageService()->getLL($key));

    }


    protected function ‪getLanguageService()

    {

        return ‪$GLOBALS['LANG'];

    }

}