FrontendBackendUserAuthentication.php

Go to the documentation of this file.

<?php
namespace ‪TYPO3\CMS\Backend;
 
/*
 * This file is part of the TYPO3 CMS project.
 *
 * It is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License, either version 2
 * of the License, or any later version.
 *
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 *
 * The TYPO3 project - inspiring people to share!
 */
 
use ‪TYPO3\CMS\Backend\Utility\BackendUtility;
use ‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
use ‪TYPO3\CMS\Core\Context\Context;
use ‪TYPO3\CMS\Core\Context\LanguageAspect;
use ‪TYPO3\CMS\Core\Database\ConnectionPool;
use ‪TYPO3\CMS\Core\Database\Query\QueryBuilder;
use ‪TYPO3\CMS\Core\Database\Query\QueryHelper;
use ‪TYPO3\CMS\Core\Database\Query\Restriction\DeletedRestriction;
use ‪TYPO3\CMS\Core\Localization\LanguageService;
use ‪TYPO3\CMS\Core\Type\Bitmask\Permission;
use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
 
class ‪FrontendBackendUserAuthentication extends ‪BackendUserAuthentication
{
 
    public ‪$formfield_uname = '';
 
    public ‪$formfield_uident = '';
 
    public ‪$formfield_status = '';
 
    public ‪$writeStdLog = false;
 
    public ‪$writeAttemptLog = false;
 
    public ‪$extAdmEnabled = false;
 
    public ‪$adminPanel;
 
    public ‪$frontendEdit;
 
    public ‪$extAdminConfig = [];
 
    public function ‪initializeAdminPanel()
    {
        trigger_error('FrontendBackendUserAuthentication->initializeAdminPanel() will be removed in TYPO3 v10.0 - initialization is done via middleware.', E_USER_DEPRECATED);
    }
 
    public function ‪initializeFrontendEdit()
    {
        trigger_error('FrontendBackendUserAuthentication->initializeFrontendEdit() will be removed in TYPO3 v10.0 - initialization is done via middleware.', E_USER_DEPRECATED);
    }
 
    public function ‪isFrontendEditingActive()
    {
        trigger_error('FrontendBackendUserAuthentication->isFrontendEditingActive() will be removed in TYPO3 v10.0 - use underlying TSFE directly.', E_USER_DEPRECATED);
        return $this->extAdmEnabled && (
            $this->adminPanel->isAdminModuleEnabled('edit') ||
            (int)‪$GLOBALS['TSFE']->displayEditIcons === 1 ||
            (int)‪$GLOBALS['TSFE']->displayFieldEditIcons === 1
        );
    }
 
    public function ‪displayAdminPanel()
    {
        trigger_error('FrontendBackendUserAuthentication->displayAdminPanel() will be removed in TYPO3 v10.0 - use MainController of adminpanel extension.', E_USER_DEPRECATED);
        return $this->adminPanel->display();
    }
 
    public function ‪isAdminPanelVisible()
    {
        trigger_error('FrontendBackendUserAuthentication->isAdminPanelVisible() will be removed in TYPO3 v10.0 - use new adminpanel API instead.', E_USER_DEPRECATED);
        return $this->extAdmEnabled && !$this->extAdminConfig['hide'] && ‪$GLOBALS['TSFE']->config['config']['admPanel'];
    }
 
    /*****************************************************
     *
     * TSFE BE user Access Functions
     *
     ****************************************************/
    public function ‪checkBackendAccessSettingsFromInitPhp()
    {
        trigger_error('FrontendBackendUserAuthentication->checkBackendAccessSettingsFromInitPhp() will be removed in TYPO3 v10.0. Use a PSR-15 middleware and backendCheckLogin() instead.', E_USER_DEPRECATED);
        // Check Hardcoded lock on BE
        if (‪$GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'] < 0) {
            return false;
        }
        // Check IP
        if (trim(‪$GLOBALS['TYPO3_CONF_VARS']['BE']['IPmaskList'])) {
            if (!GeneralUtility::cmpIP(GeneralUtility::getIndpEnv('REMOTE_ADDR'), ‪$GLOBALS['TYPO3_CONF_VARS']['BE']['IPmaskList'])) {
                return false;
            }
        }
        // Check IP mask based on TSconfig
        if (!$this->‪checkLockToIP()) {
            return false;
        }
        // Check SSL (https)
        if ((bool)‪$GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSL'] && !GeneralUtility::getIndpEnv('TYPO3_SSL')) {
            return false;
        }
        // Finally a check as in BackendUserAuthentication::backendCheckLogin()
        return $this->‪isUserAllowedToLogin();
    }
 
    public function ‪backendCheckLogin($proceedIfNoUserIsLoggedIn = false)
    {
        if (empty($this->user['uid'])) {
            return false;
        }
        // Check Hardcoded lock on BE
        if (‪$GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'] < 0) {
            return false;
        }
        // Check IP mask based on TSconfig
        if (!$this->‪checkLockToIP()) {
            return false;
        }
        return $this->‪isUserAllowedToLogin();
    }
 
    public function ‪extPageReadAccess($pageRec)
    {
        trigger_error('FrontendBackendUserAuthentication->extPageReadAccess() will be removed in TYPO3 v10.0.', E_USER_DEPRECATED);
        return $this->‪isInWebMount($pageRec['uid']) && $this->‪doesUserHaveAccess($pageRec, ‪Permission::PAGE_SHOW);
    }
 
    /*****************************************************
     *
     * TSFE BE user Access Functions
     *
     ****************************************************/
    public function ‪extGetTreeList(‪$id, $depth, $begin = 0, $perms_clause)
    {
        trigger_error('FrontendBackendUserAuthentication->extGetTreeList() will be removed in TYPO3 v10.0.', E_USER_DEPRECATED);
        $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)
            ->getQueryBuilderForTable('pages');
 
        $queryBuilder->getRestrictions()
            ->removeAll()
            ->add(GeneralUtility::makeInstance(DeletedRestriction::class));
 
        $depth = (int)$depth;
        $begin = (int)$begin;
        ‪$id = (int)‪$id;
        $theList = '';
        if (‪$id && $depth > 0) {
            $result = $queryBuilder
                ->select('uid', 'title')
                ->from('pages')
                ->where(
                    $queryBuilder->expr()->eq('pid', $queryBuilder->createNamedParameter(‪$id, \PDO::PARAM_INT)),
                    $queryBuilder->expr()->eq('sys_language_uid', 0),
                    ‪QueryHelper::stripLogicalOperatorPrefix($perms_clause)
                )
                ->execute();
            while ($row = $result->fetch()) {
                if ($begin <= 0) {
                    $theList .= $row['uid'] . ',';
                }
                if ($depth > 1) {
                    $theList .= $this->‪extGetTreeList($row['uid'], $depth - 1, $begin - 1, $perms_clause);
                }
            }
        }
        return $theList;
    }
 
    public function ‪allowedToEditLanguage($table, array $currentRecord): bool
    {
        // If no access right to record languages, return immediately
        $languageAspect = GeneralUtility::makeInstance(Context::class)->getAspect('language');
        if ($table === 'pages') {
            $languageId = $languageAspect->getId();
        } elseif ($table === 'tt_content') {
            $languageId = $languageAspect->getContentId();
        } elseif (‪$GLOBALS['TCA'][$table]['ctrl']['languageField']) {
            $languageId = $currentRecord[‪$GLOBALS['TCA'][$table]['ctrl']['languageField']];
        } else {
            $languageId = -1;
        }
        return $this->‪checkLanguageAccess($languageId);
    }
 
    public function ‪allowedToEdit(string $table, array $dataArray, array $conf, bool $checkEditAccessInternals): bool
    {
        // Unless permissions specifically allow it, editing is not allowed.
        $mayEdit = false;
        if ($checkEditAccessInternals) {
            $editAccessInternals = $this->‪recordEditAccessInternals($table, $dataArray, false, false);
        } else {
            $editAccessInternals = true;
        }
        if ($editAccessInternals) {
            $restrictEditingToRecordsOfCurrentPid = !empty($conf['onlyCurrentPid'] ?? false);
            if ($this->‪isAdmin()) {
                $mayEdit = true;
            } elseif ($table === 'pages') {
                if ($this->‪doesUserHaveAccess($dataArray, ‪Permission::PAGE_EDIT)) {
                    $mayEdit = true;
                }
            } else {
                $pageOfEditableRecord = ‪BackendUtility::getRecord('pages', $dataArray['pid']);
                if ($this->‪doesUserHaveAccess($pageOfEditableRecord, ‪Permission::CONTENT_EDIT) && !$restrictEditingToRecordsOfCurrentPid) {
                    $mayEdit = true;
                }
            }
            // Check the permission of the "pid" that should be accessed, if not disabled.
            if (!$restrictEditingToRecordsOfCurrentPid || $dataArray['pid'] == ‪$GLOBALS['TSFE']->id) {
                // Permissions
                if ($table === 'pages') {
                    $allow = $this->‪getAllowedEditActions($table, $conf, $dataArray['pid']);
                    // Can only display editbox if there are options in the menu
                    if (!empty($allow)) {
                        $mayEdit = true;
                    }
                } else {
                    $perms = $this->‪calcPerms(‪$GLOBALS['TSFE']->page);
                    $types = GeneralUtility::trimExplode(',', strtolower($conf['allow']), true);
                    $allow = array_flip($types);
                    $mayEdit = !empty($allow) && $perms & ‪Permission::CONTENT_EDIT;
                }
            }
        }
        return $mayEdit;
    }
 
    public function ‪getAllowedEditActions($table, array $conf, $pid): array
    {
        $types = GeneralUtility::trimExplode(',', strtolower($conf['allow']), true);
        $allow = array_flip($types);
        if (!$conf['onlyCurrentPid'] || $pid == ‪$GLOBALS['TSFE']->id) {
            // Permissions
            $types = GeneralUtility::trimExplode(',', strtolower($conf['allow']), true);
            $allow = array_flip($types);
            $perms = $this->‪calcPerms(‪$GLOBALS['TSFE']->page);
            if ($table === 'pages') {
                // Rootpage
                if (count(‪$GLOBALS['TSFE']->config['rootLine']) === 1) {
                    unset($allow['move']);
                    unset($allow['hide']);
                    unset($allow['delete']);
                }
                if (!($perms & ‪Permission::PAGE_EDIT) || !$this->‪checkLanguageAccess(0)) {
                    unset($allow['edit']);
                    unset($allow['move']);
                    unset($allow['hide']);
                }
                if (!($perms & ‪Permission::PAGE_DELETE)) {
                    unset($allow['delete']);
                }
                if (!($perms & ‪Permission::PAGE_NEW)) {
                    unset($allow['new']);
                }
            }
        }
        return $allow;
    }
 
    /*****************************************************
     *
     * Localization handling
     *
     ****************************************************/
    public function ‪extGetLL($key)
    {
        trigger_error('FrontendBackendUserAuthentication->extGetLL() will be removed in TYPO3 v10.0.', E_USER_DEPRECATED);
        if (!is_array(‪$GLOBALS['LOCAL_LANG'])) {
            $this->‪getLanguageService()->‪includeLLFile('EXT:core/Resources/Private/Language/locallang_tsfe.xlf');
            if (!is_array(‪$GLOBALS['LOCAL_LANG'])) {
                ‪$GLOBALS['LOCAL_LANG'] = [];
            }
        }
        return htmlspecialchars($this->‪getLanguageService()->getLL($key));
    }
 
    protected function ‪getLanguageService()
    {
        return ‪$GLOBALS['LANG'];
    }
}