‪TYPO3CMS  9.5
Public Member Functions | Public Attributes | Protected Member Functions | Protected Attributes | List of all members
TYPO3\CMS\Core\Authentication\AbstractUserAuthentication Class Reference
Inheritance diagram for TYPO3\CMS\Core\Authentication\AbstractUserAuthentication:
TYPO3\CMS\Core\Authentication\BackendUserAuthentication TYPO3\CMS\Core\Tests\Functional\Authentication\Fixtures\AnyUserAuthentication TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication TYPO3\CMS\Backend\FrontendBackendUserAuthentication TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication TYPO3\CMS\Workspaces\Authentication\PreviewUserAuthentication

Public Member Functions

 __construct ()
 
 start ()
 
bool isSetSessionCookie ()
 
bool isRefreshTimeBasedCookie ()
 
 checkAuthentication ()
 
string createSessionId ()
 
array createUserSession ($tempuser)
 
array getNewSessionRecord ($tempuser)
 
array bool fetchUserSession ($skipSessionUpdate=false)
 
 enforceNewSessionId ()
 
 logoff ()
 
 removeCookie ($cookieName)
 
bool isExistingSessionRecord ($id)
 
bool isCookieSet ()
 
 writeUC ($variable='')
 
 unpack_uc ($theUC='')
 
 pushModuleData ($module, $data, $noSave=0)
 
mixed getModuleData ($module, $type='')
 
mixed getSessionData ($key)
 
 setSessionData ($key, $data)
 
 setAndSaveSessionData ($key, $data)
 
array getLoginFormData ()
 
array processLoginData ($loginData, $passwordTransmissionStrategy='')
 
array getAuthInfoArray ()
 
bool compareUident ($user, $loginData, $passwordCompareStrategy='')
 
 gc ()
 
 writelog ($type, $action, $error, $details_nr, $details, $data, $tablename, $recuid, $recpid)
 
 checkLogFailures ($email, $secondsBack, $maxFailures)
 
 setBeUserByUid ($uid)
 
 setBeUserByName ($name)
 
array getRawUserByUid ($uid)
 
array getRawUserByName ($name)
 
mixed fetchUserRecord ($dbUser, $username, $extraWhere='')
 
string getSessionId ()
 
string getLoginType ()
 

Public Attributes

string $name = ''
 
string $get_name = ''
 
string $user_table = ''
 
string $usergroup_table = ''
 
string $username_column = ''
 
string $userident_column = ''
 
string $userid_column = ''
 
string $usergroup_column = ''
 
string $lastLogin_column = ''
 
array $enablecolumns
 
bool $showHiddenRecords = false
 
string $formfield_uname = ''
 
string $formfield_uident = ''
 
string $formfield_status = ''
 
int $sessionTimeout = 0
 
string $auth_timeout_field = ''
 
int $lifetime = 0
 
int $gc_time = 0
 
int $gc_probability = 1
 
bool $writeStdLog = false
 
bool $writeAttemptLog = false
 
bool $sendNoCacheHeaders = true
 
bool $getFallBack = false
 
int $hash_length = 32
 
bool $getMethodEnabled = false
 
int $lockIP = 4
 
string $warningEmail = ''
 
int $warningPeriod = 3600
 
int $warningMax = 3
 
bool $checkPid = true
 
int $checkPid_value = 0
 
string $id
 
bool $loginFailure = false
 
bool $loginSessionStarted = false
 
array null $user
 
string $get_URL_ID = ''
 
bool $newSessionID = false
 
bool $forceSetCookie = false
 
bool $dontSetCookie = false
 
string $loginType = ''
 
array $svConfig = array( )
 
array $uc
 

Protected Member Functions

 sendHttpHeaders ()
 
array getHttpHeaders ()
 
 setSessionCookie ()
 
string getCookieDomain ()
 
string getCookie ($cookieName)
 
Traversable getAuthServices (string $subType, array $loginData, array $authInfo)
 
 regenerateSessionId (array $existingSessionRecord=[], bool $anonymous=false)
 
 updateLoginTimestamp (int $userId)
 
 performLogoff ()
 
QueryRestrictionContainerInterface userConstraints ()
 
string ipLockClause_remoteIPNumber ($parts)
 
mixed removeSensitiveLoginDataForLoggingInfo ($data, bool $isUserRecord=false)
 
SessionBackendInterface getSessionBackend ()
 

Protected Attributes

bool $cookieWasSetOnCurrentRequest = false
 
SessionBackendInterface $sessionBackend
 
array $sessionData = array( )
 

Detailed Description

Authentication of users in TYPO3

This class is used to authenticate a login user. The class is used by both the frontend and backend. In both cases this class is a parent class to BackendUserAuthentication and FrontendUserAuthentication

See Inside TYPO3 for more information about the API of the class and internal variables.

Definition at line 50 of file AbstractUserAuthentication.php.

Constructor & Destructor Documentation

◆ __construct()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::__construct ( )

Initialize some important variables

Reimplemented in TYPO3\CMS\Core\Authentication\BackendUserAuthentication, TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication, TYPO3\CMS\Workspaces\Authentication\PreviewUserAuthentication, and TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication.

Definition at line 310 of file AbstractUserAuthentication.php.

Member Function Documentation

◆ checkAuthentication()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::checkAuthentication ( )

Checks if a submission of username and password is present or use other authentication by auth services

Exceptions

Reimplemented in TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication.

Definition at line 561 of file AbstractUserAuthentication.php.

References $GLOBALS, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$loginType, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$sessionData, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$userid_column, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$username_column, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkLogFailures(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\createUserSession(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\fetchUserSession(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthInfoArray(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthServices(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getLoginFormData(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getSessionBackend(), TYPO3\CMS\Core\Core\Environment\isCli(), TYPO3\CMS\Core\Authentication\LoginType\LOGIN, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\logoff(), TYPO3\CMS\Core\Authentication\LoginType\LOGOUT, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\regenerateSessionId(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\removeSensitiveLoginDataForLoggingInfo(), TYPO3\CMS\Core\Session\Backend\SessionBackendInterface\update(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\writelog().

Referenced by TYPO3\CMS\Backend\Controller\AjaxLoginController\refreshAction(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\start().

◆ checkLogFailures()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::checkLogFailures (   $email,
  $secondsBack,
  $maxFailures 
)

DUMMY: Check login failures (in some extension classes)

Parameters
string$email‪Email address
int$secondsBack‪Number of sections back in time to check. This is a kind of limit for how many failures an hour for instance
int$maxFailures‪Max allowed failures before a warning mail is sent @ignore

Reimplemented in TYPO3\CMS\Core\Authentication\BackendUserAuthentication.

Definition at line 1486 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication().

◆ compareUident()

bool TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::compareUident (   $user,
  $loginData,
  $passwordCompareStrategy = '' 
)

Check the login data with the user record data for builtin login methods

Parameters
array$user‪User data array
array$loginData‪Login data array
string$passwordCompareStrategy‪Alternative passwordCompareStrategy. Used when authentication services wants to override the default.
Returns
‪bool TRUE if login data matched
Deprecated:
‪since TYPO3 v9, will be removed in TYPO3 v10.0.

Definition at line 1445 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$user, and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$userident_column.

◆ createSessionId()

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::createSessionId ( )

Creates a new session ID.

Returns
‪string The new session ID

Definition at line 831 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\regenerateSessionId(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\start().

◆ createUserSession()

array TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::createUserSession (   $tempuser)

Creates a user session record and returns its values.

Parameters
array$tempuser‪User data array
Returns
‪array The session data for the newly created session.

Reimplemented in TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication.

Definition at line 895 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getNewSessionRecord(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getSessionBackend(), TYPO3\CMS\Core\Session\Backend\SessionBackendInterface\remove(), TYPO3\CMS\Core\Session\Backend\SessionBackendInterface\set(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\updateLoginTimestamp().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication().

◆ enforceNewSessionId()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::enforceNewSessionId ( )

Regenerates the session ID and sets the cookie again.

Definition at line 1006 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\regenerateSessionId(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setSessionCookie().

◆ fetchUserRecord()

mixed TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::fetchUserRecord (   $dbUser,
  $username,
  $extraWhere = '' 
)

Get a user from DB by username provided for usage from services

Parameters
array$dbUser‪User db table definition: $this->db_user
string$username‪user name
string$extraWhere‪Additional WHERE clause: " AND ...
Returns
‪mixed User array or FALSE
Deprecated:
‪since TYPO3 v9, will be removed in TYPO3 v10.0

Definition at line 1565 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$user, and TYPO3\CMS\Core\Database\Query\QueryHelper\stripLogicalOperatorPrefix().

◆ fetchUserSession()

array bool TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::fetchUserSession (   $skipSessionUpdate = false)

Read the user session from db.

Parameters
bool$skipSessionUpdate
Returns
‪array|bool User session data, false if $this->id does not represent valid session

Definition at line 954 of file AbstractUserAuthentication.php.

References $GLOBALS, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$sessionTimeout, TYPO3\CMS\Core\Session\Backend\SessionBackendInterface\get(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getRawUserByUid(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getSessionBackend(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\logoff(), and TYPO3\CMS\Core\Session\Backend\SessionBackendInterface\update().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication().

◆ gc()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::gc ( )

Garbage collector, removing old expired sessions.

Reimplemented in TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication.

Definition at line 1456 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Session\Backend\SessionBackendInterface\collectGarbage(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getSessionBackend().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\start().

◆ getAuthInfoArray()

array TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getAuthInfoArray ( )

Returns an info array which provides additional information for auth services

Returns
‪array

Definition at line 1401 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$checkPid_value, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$loginType, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$showHiddenRecords, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$user_table, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$usergroup_column, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$usergroup_table, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$userid_column, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$userident_column, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$username_column, TYPO3\CMS\Core\Database\Query\Restriction\QueryRestrictionInterface\buildExpression(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\userConstraints().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication(), TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\fetchGroupData(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\processLoginData().

◆ getAuthServices()

Traversable TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getAuthServices ( string  $subType,
array  $loginData,
array  $authInfo 
)
protected

Initializes authentication services to be used in a foreach loop

Parameters
string$subType‪e.g. getUserFE
array$loginData
array$authInfo
Returns
‪\Traversable A generator of service objects

Definition at line 844 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication().

◆ getCookie()

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getCookie (   $cookieName)
protected

Get the value of a specified cookie.

Parameters
string$cookieName‪The cookie ID
Returns
‪string The value stored in the cookie

Definition at line 528 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\isCookieSet(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\start().

◆ getCookieDomain()

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getCookieDomain ( )
protected

Gets the domain to be used on setting cookies. The information is taken from the value in $GLOBALS['TYPO3_CONF_VARS']['SYS']['cookieDomain'].

Returns
‪string The domain to be used on setting cookies

Definition at line 497 of file AbstractUserAuthentication.php.

References $GLOBALS, and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$loginType.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\removeCookie(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setSessionCookie().

◆ getHttpHeaders()

array TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getHttpHeaders ( )
protected

Get the http headers to be sent if an authenticated user is available, in order to disallow browsers to store the response on the client side.

Returns
‪array

Definition at line 416 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\sendHttpHeaders().

◆ getLoginFormData()

array TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getLoginFormData ( )

Returns an info array with Login/Logout data submitted by a form or params

Returns
‪array

Reimplemented in TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication.

Definition at line 1308 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\LoginType\LOGIN, and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\processLoginData().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication(), and TYPO3\CMS\Backend\Controller\AjaxLoginController\hasLoginBeenProcessed().

◆ getLoginType()

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getLoginType ( )
Returns
‪string

Definition at line 1612 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$loginType.

Referenced by TYPO3\CMS\Beuser\Domain\Repository\BackendUserRepository\getSessionBackend(), and TYPO3\CMS\Beuser\Controller\BackendUserController\getSessionBackend().

◆ getModuleData()

mixed TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getModuleData (   $module,
  $type = '' 
)

Gets module data for a module (from a loaded ->uc array)

Parameters
string$module‪Is the name of the module ($MCONF['name'])
string$type‪If $type = 'ses' then module data is returned only if it was stored in the current session, otherwise data from a previous session will be returned (if available).
Returns
‪mixed The module data if available: $this->uc['moduleData'][$module];

Definition at line 1233 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$sessionData.

Referenced by TYPO3\CMS\Backend\Controller\EditDocumentController\closeDocument(), TYPO3\CMS\Backend\Clipboard\Clipboard\initializeClipboard(), and TYPO3\CMS\Backend\Controller\EditDocumentController\preInit().

◆ getNewSessionRecord()

array TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getNewSessionRecord (   $tempuser)

Returns a new session record for the current user for insertion into the DB. This function is mainly there as a wrapper for inheriting classes to override it.

Parameters
array$tempuser
Returns
‪array User session record

Reimplemented in TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication.

Definition at line 932 of file AbstractUserAuthentication.php.

References $GLOBALS, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$id, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$userid_column, and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\ipLockClause_remoteIPNumber().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\createUserSession().

◆ getRawUserByName()

array TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getRawUserByName (   $name)

Fetching raw user record with username=$name

Parameters
string$name‪The username to look up.
Returns
‪array user record or FALSE
See also
‪\TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getUserByUid()

Definition at line 1544 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$name, and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\userConstraints().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setBeUserByName().

◆ getRawUserByUid()

array TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getRawUserByUid (   $uid)

Fetching raw user record with uid=$uid

Parameters
int$uid‪The UID of the backend user to set in ->user
Returns
‪array user record or FALSE

Definition at line 1525 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\userConstraints().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\fetchUserSession(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setBeUserByUid().

◆ getSessionBackend()

SessionBackendInterface TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getSessionBackend ( )
protected

Returns initialized session backend. Returns same session backend if called multiple times

Returns
‪SessionBackendInterface

Definition at line 1622 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$sessionBackend.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\createUserSession(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\fetchUserSession(), TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\gc(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\gc(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\isExistingSessionRecord(), TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\performLogoff(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\performLogoff(), TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\regenerateSessionId(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\regenerateSessionId(), TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\removeSessionData(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setAndSaveSessionData(), and TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\storeSessionData().

◆ getSessionData()

mixed TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getSessionData (   $key)

Returns the session data stored for $key. The data will last only for this login session since it is stored in the user session.

Parameters
string$key‪The key associated with the session data
Returns
‪mixed

Definition at line 1258 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Workspaces\Controller\Remote\MassActionHandler\flushWorkspace(), TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\getKey(), TYPO3\CMS\Backend\Controller\PageLayoutController\init(), TYPO3\CMS\Beuser\Controller\PermissionController\initializeAction(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\initializeWebmountsForElementBrowser(), TYPO3\CMS\Workspaces\Controller\Remote\MassActionHandler\processData(), TYPO3\CMS\Workspaces\Controller\Remote\MassActionHandler\publishWorkspace(), and TYPO3\CMS\Form\Mvc\Property\TypeConverter\FormDefinitionArrayConverter\retrieveSessionToken().

◆ getSessionId()

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getSessionId ( )
Returns
‪string

Definition at line 1603 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$id.

Referenced by TYPO3\CMS\Beuser\Controller\BackendUserController\onlineAction().

◆ ipLockClause_remoteIPNumber()

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::ipLockClause_remoteIPNumber (   $parts)
protected

Returns the IP address to lock to. The IP address may be partial based on $parts.

Parameters
int$parts‪1-4: Indicates how many parts of the IP address to return. 4 means all, 1 means only first number.
Returns
‪string (Partial) IP address for REMOTE_ADDR

Definition at line 1146 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Utility\MathUtility\forceIntegerInRange().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getNewSessionRecord(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\isExistingSessionRecord().

◆ isCookieSet()

bool TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::isCookieSet ( )

Returns whether this request is going to set a cookie or a cookie was already found in the system

Returns
‪bool Returns TRUE if a cookie is set

Definition at line 1094 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getCookie().

Referenced by TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\performLogoff(), and TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\storeSessionData().

◆ isExistingSessionRecord()

bool TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::isExistingSessionRecord (   $id)

Determine whether there's an according session record to a given session_id. Don't care if session record is still valid or not.

Parameters
string$id‪Claimed Session ID
Returns
‪bool Returns TRUE if a corresponding session was found in the database

Definition at line 1070 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Session\Backend\SessionBackendInterface\get(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getSessionBackend(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\ipLockClause_remoteIPNumber().

Referenced by TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\removeSessionData(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\start(), and TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\storeSessionData().

◆ isRefreshTimeBasedCookie()

bool TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::isRefreshTimeBasedCookie ( )

Determine whether a non-session cookie needs to be set (lifetime>0)

Returns
‪bool

Reimplemented in TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication.

Definition at line 550 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setSessionCookie().

◆ isSetSessionCookie()

bool TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::isSetSessionCookie ( )

Determine whether a session cookie needs to be set (lifetime=0)

Returns
‪bool

Reimplemented in TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication.

Definition at line 539 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setSessionCookie().

◆ logoff()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::logoff ( )

Log out current user! Removes the current session record, sets the internal ->user array to a blank string; Thereby the current user (if any) is effectively logged out!

Reimplemented in TYPO3\CMS\Core\Authentication\BackendUserAuthentication.

Definition at line 1017 of file AbstractUserAuthentication.php.

References $GLOBALS, and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\performLogoff().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\fetchUserSession().

◆ performLogoff()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::performLogoff ( )
protected

Perform the logoff action. Called from logoff() as a way to allow subclasses to override what happens when a user logs off, without needing to reproduce the hook calls and logging that happens in the public logoff() API method.

Reimplemented in TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication.

Definition at line 1041 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getSessionBackend(), and TYPO3\CMS\Core\Session\Backend\SessionBackendInterface\remove().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\logoff().

◆ processLoginData()

array TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::processLoginData (   $loginData,
  $passwordTransmissionStrategy = '' 
)

Processes Login data submitted by a form or params depending on the passwordTransmissionStrategy

Parameters
array$loginData‪Login data array
string$passwordTransmissionStrategy‪Alternative passwordTransmissionStrategy. Used when authentication services wants to override the default.
Returns
‪array

Definition at line 1336 of file AbstractUserAuthentication.php.

References $GLOBALS, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$loginType, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthInfoArray(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\removeSensitiveLoginDataForLoggingInfo().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getLoginFormData().

◆ pushModuleData()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::pushModuleData (   $module,
  $data,
  $noSave = 0 
)

Stores data for a module. The data is stored with the session id so you can even check upon retrieval if the module data is from a previous session or from the current session.

Parameters
string$module‪Is the name of the module ($MCONF['name'])
mixed$data‪Is the data you want to store for that module (array, string, ...)
bool | int$noSave‪If $noSave is set, then the ->uc array (which carries all kinds of user data) is NOT written immediately, but must be written by some subsequent call.

Definition at line 1213 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\writeUC().

Referenced by TYPO3\CMS\Backend\Controller\EditDocumentController\closeDocument(), TYPO3\CMS\Linkvalidator\Report\LinkValidatorReport\main(), TYPO3\CMS\Tstemplate\Controller\TypoScriptTemplateObjectBrowserModuleFunctionController\main(), TYPO3\CMS\Backend\Controller\EditDocumentController\main(), and TYPO3\CMS\Tstemplate\Controller\TypoScriptTemplateObjectBrowserModuleFunctionController\modMenu().

◆ regenerateSessionId()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::regenerateSessionId ( array  $existingSessionRecord = [],
bool  $anonymous = false 
)
protected

Regenerate the session ID and transfer the session to new ID Call this method whenever a user proceeds to a higher authorization level e.g. when an anonymous session is now authenticated.

Parameters
array$existingSessionRecord‪If given, this session record will be used instead of fetching again
bool$anonymous‪If true session will be regenerated as anonymous session

Reimplemented in TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication.

Definition at line 865 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$id, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\createSessionId(), TYPO3\CMS\Core\Session\Backend\SessionBackendInterface\get(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getSessionBackend(), TYPO3\CMS\Core\Session\Backend\SessionBackendInterface\remove(), and TYPO3\CMS\Core\Session\Backend\SessionBackendInterface\set().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\enforceNewSessionId().

◆ removeCookie()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::removeCookie (   $cookieName)

Empty / unset the cookie

Parameters
string$cookieName‪usually, this is $this->name

Definition at line 1055 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getCookieDomain().

Referenced by TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\performLogoff(), and TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\storeSessionData().

◆ removeSensitiveLoginDataForLoggingInfo()

mixed TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::removeSensitiveLoginDataForLoggingInfo (   $data,
bool  $isUserRecord = false 
)
protected

Removes any sensitive data from the incoming data (either from loginData, processedLogin data or the user record from the DB).

No type hinting is added because it might be possible that the incoming data is of any other type.

Parameters
mixed | array$data
bool$isUserRecord
Returns
‪mixed

Definition at line 1377 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\processLoginData().

◆ sendHttpHeaders()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::sendHttpHeaders ( )
protected

Set all possible headers that could ensure that the script is not cached on the client-side.

Only do this if $this->sendNoCacheHeaders is set.

Definition at line 398 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getHttpHeaders(), and TYPO3\CMS\Core\Core\Environment\isCli().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\start().

◆ setAndSaveSessionData()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::setAndSaveSessionData (   $key,
  $data 
)

Sets the session data ($data) for $key and writes all session data (from ->user['ses_data']) to the database. The data will last only for this login session since it is stored in the session table.

Parameters
string$key‪Pointer to an associative key in the session data array which is stored serialized in the field "ses_data" of the session table.
mixed$data‪The data to store in index $key

Reimplemented in TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication.

Definition at line 1285 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getSessionBackend(), and TYPO3\CMS\Core\Session\Backend\SessionBackendInterface\update().

Referenced by TYPO3\CMS\Workspaces\Controller\ReviewController\fullIndexAction(), TYPO3\CMS\Backend\Controller\PageLayoutController\init(), TYPO3\CMS\Workspaces\Controller\Remote\MassActionHandler\initFlushData(), TYPO3\CMS\Beuser\Controller\PermissionController\initializeAction(), TYPO3\CMS\Workspaces\Controller\Remote\MassActionHandler\initPublishData(), TYPO3\CMS\Form\Domain\Configuration\FormDefinitionConversionService\persistSessionToken(), TYPO3\CMS\Workspaces\Controller\Remote\MassActionHandler\processData(), and TYPO3\CMS\Core\Messaging\FlashMessageQueue\storeFlashMessagesInSession().

◆ setBeUserByName()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::setBeUserByName (   $name)

Raw initialization of the be_user with username=$name

Parameters
string$name‪The username to look up.
See also
‪\TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::setBeUserByUid()

Definition at line 1513 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getRawUserByName().

Referenced by TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication\authenticate().

◆ setBeUserByUid()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::setBeUserByUid (   $uid)

Raw initialization of the be_user with uid=$uid This will circumvent all login procedures and select a be_users record from the database and set the content of ->user to the record selected. Thus the BE_USER object will appear like if a user was authenticated - however without a session id and the fields from the session table of course. Will check the users for disabled, start/endtime, etc. ($this->user_where_clause())

Parameters
int$uid‪The UID of the backend user to set in ->user

Definition at line 1501 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getRawUserByUid().

◆ setSessionCookie()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::setSessionCookie ( )
protected

Sets the session cookie for the current disposal.

Exceptions
Exception

Definition at line 444 of file AbstractUserAuthentication.php.

References $GLOBALS, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getCookieDomain(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\isRefreshTimeBasedCookie(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\isSetSessionCookie().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\enforceNewSessionId(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\start(), and TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\storeSessionData().

◆ setSessionData()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::setSessionData (   $key,
  $data 
)

Set session data by key. The data will last only for this login session since it is stored in the user session.

Parameters
string$key‪A non empty string to store the data under
mixed$data‪Data store store in session

Reimplemented in TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication.

Definition at line 1270 of file AbstractUserAuthentication.php.

◆ start()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::start ( )

Starts a user session Typical configurations will: a) check if session cookie was set and if not, set one, b) check if a password/username was sent and if so, try to authenticate the user c) Lookup a session attached to a user and check timeout etc. d) Garbage collection, setting of no-cache headers. If a user is authenticated the database record of the user (array) will be set in the ->user internal variable.

Exceptions
Exception

Reimplemented in TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication, and TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication.

Definition at line 327 of file AbstractUserAuthentication.php.

References $GLOBALS, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$id, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$sessionTimeout, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\createSessionId(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\gc(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getCookie(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\isExistingSessionRecord(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\sendHttpHeaders(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setSessionCookie().

◆ unpack_uc()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::unpack_uc (   $theUC = '')

Sets $theUC as the internal variable ->uc IF $theUC is an array. If $theUC is FALSE, the 'uc' content from the ->user array will be unserialized and restored in ->uc

Parameters
mixed$theUC‪If an array, then set as ->uc, otherwise load from user record

Definition at line 1194 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\backendSetUC().

◆ updateLoginTimestamp()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::updateLoginTimestamp ( int  $userId)
protected

Updates the last login column in the user with the given id

Parameters
int$userId

Definition at line 913 of file AbstractUserAuthentication.php.

References $GLOBALS.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\createUserSession().

◆ userConstraints()

QueryRestrictionContainerInterface TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::userConstraints ( )
protected

This returns the restrictions needed to select the user respecting enable columns and flags like deleted, hidden, starttime, endtime and rootLevel

Returns
‪QueryRestrictionContainerInterface

Definition at line 1112 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthInfoArray(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getRawUserByName(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getRawUserByUid().

◆ writelog()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::writelog (   $type,
  $action,
  $error,
  $details_nr,
  $details,
  $data,
  $tablename,
  $recuid,
  $recpid 
)

DUMMY: Writes to log database table (in some extension classes)

Parameters
int$type‪denotes which module that has submitted the entry. This is the current list: 1=tce_db; 2=tce_file; 3=system (eg. sys_history save); 4=modules; 254=Personal settings changed; 255=login / out action: 1=login, 2=logout, 3=failed login (+ errorcode 3), 4=failure_warning_email sent
int$action‪denotes which specific operation that wrote the entry (eg. 'delete', 'upload', 'update' and so on...). Specific for each $type. Also used to trigger update of the interface. (see the log-module for the meaning of each number !!)
int$error‪flag. 0 = message, 1 = error (user problem), 2 = System Error (which should not happen), 3 = security notice (admin)
int$details_nr‪The message number. Specific for each $type and $action. in the future this will make it possible to translate errormessages to other languages
string$details‪Default text that follows the message
array$data‪Data that follows the log. Might be used to carry special information. If an array the first 5 entries (0-4) will be sprintf'ed the details-text...
string$tablename‪Special field used by tce_main.php. These ($tablename, $recuid, $recpid) holds the reference to the record which the log-entry is about. (Was used in attic status.php to update the interface.)
int$recuid‪Special field used by tce_main.php. These ($tablename, $recuid, $recpid) holds the reference to the record which the log-entry is about. (Was used in attic status.php to update the interface.)
int$recpid‪Special field used by tce_main.php. These ($tablename, $recuid, $recpid) holds the reference to the record which the log-entry is about. (Was used in attic status.php to update the interface.)

Definition at line 1474 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication().

◆ writeUC()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::writeUC (   $variable = '')

This writes $variable to the user-record. This is a way of providing session-data. You can fetch the data again through $this->uc in this class! If $variable is not an array, $this->uc is saved!

Parameters
array | string$variable‪An array you want to store for the user as session data. If $variable is not supplied (is null), the internal variable, ->uc, is stored by default

Definition at line 1172 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$uc, and TYPO3\CMS\Core\Database\Connection\PARAM_LOB.

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\backendSetUC(), TYPO3\CMS\Viewpage\Controller\ViewModuleController\getCurrentLanguage(), TYPO3\CMS\Backend\Controller\ContentElement\ElementHistoryController\prepareDisplaySettings(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\pushModuleData(), TYPO3\CMS\Reports\Controller\ReportController\resetState(), TYPO3\CMS\Taskcenter\Controller\TaskStatusController\saveCollapseState(), TYPO3\CMS\Workspaces\Controller\Remote\ActionHandler\saveColumnModel(), TYPO3\CMS\Workspaces\Controller\Remote\ActionHandler\saveLanguageSelection(), TYPO3\CMS\Taskcenter\Controller\TaskStatusController\saveSortingState(), TYPO3\CMS\Reports\Controller\ReportController\saveState(), TYPO3\CMS\Backend\Controller\Page\TreeController\setTemporaryMountPointAction(), TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\storeSessionData(), and TYPO3\CMS\Beuser\Controller\BackendUserController\switchUser().

Member Data Documentation

◆ $auth_timeout_field

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$auth_timeout_field = ''

Name for a field to fetch the server session timeout from. If not empty this is a field name from the user table where the timeout can be found.

Definition at line 144 of file AbstractUserAuthentication.php.

◆ $checkPid

bool TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$checkPid = true

If set, the user-record must be stored at the page defined by $checkPid_value

Definition at line 228 of file AbstractUserAuthentication.php.

◆ $checkPid_value

int TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$checkPid_value = 0

The page id the user record must be stored at

Definition at line 233 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthInfoArray().

◆ $cookieWasSetOnCurrentRequest

bool TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$cookieWasSetOnCurrentRequest = false
protected

Definition at line 280 of file AbstractUserAuthentication.php.

◆ $dontSetCookie

bool TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$dontSetCookie = false

Will prevent the setting of the session cookie (takes precedence over forceSetCookie)

Definition at line 276 of file AbstractUserAuthentication.php.

◆ $enablecolumns

array TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$enablecolumns
Initial value:
= array(
'rootLevel' => '',
'disabled' => '',
'starttime' => '',
'endtime' => '',
'deleted' => '',
)

Enable field columns of user table

Definition at line 103 of file AbstractUserAuthentication.php.

◆ $forceSetCookie

bool TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$forceSetCookie = false

Will force the session cookie to be set every time (lifetime must be 0)

Definition at line 271 of file AbstractUserAuthentication.php.

◆ $formfield_status

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$formfield_status = ''

Form field with status: *'login', 'logout'. If empty login is not verified.

Definition at line 129 of file AbstractUserAuthentication.php.

◆ $formfield_uident

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$formfield_uident = ''

Form field with password

Definition at line 124 of file AbstractUserAuthentication.php.

◆ $formfield_uname

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$formfield_uname = ''

Form field with login-name

Definition at line 119 of file AbstractUserAuthentication.php.

◆ $gc_probability

int TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$gc_probability = 1

Probability for garbage collection to be run (in percent)

Definition at line 166 of file AbstractUserAuthentication.php.

◆ $gc_time

int TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$gc_time = 0

GarbageCollection Purge all server session data older than $gc_time seconds. 0 = default to $this->sessionTimeout or use 86400 seconds (1 day) if $this->sessionTimeout == 0

Definition at line 161 of file AbstractUserAuthentication.php.

◆ $get_name

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$get_name = ''

Session/GET-var name

Definition at line 63 of file AbstractUserAuthentication.php.

◆ $get_URL_ID

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$get_URL_ID = ''

Will be added to the url (eg. '&login=ab7ef8d...') GET-auth-var if getFallBack is TRUE. Should be inserted in links!

Definition at line 261 of file AbstractUserAuthentication.php.

◆ $getFallBack

bool TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$getFallBack = false

If this is set, authentication is also accepted by $_GET. Notice that the identification is NOT 128bit MD5 hash but reduced. This is done in order to minimize the size for mobile-devices, such as WAP-phones

Definition at line 188 of file AbstractUserAuthentication.php.

◆ $getMethodEnabled

bool TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$getMethodEnabled = false

Setting this flag TRUE lets user-authentication happen from GET_VARS if POST_VARS are not set. Thus you may supply username/password with the URL.

Definition at line 203 of file AbstractUserAuthentication.php.

◆ $hash_length

int TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$hash_length = 32

The ident-hash is normally 32 characters and should be! But if you are making sites for WAP-devices or other low-bandwidth stuff, you may shorten the length. Never let this value drop below 6! A length of 6 would give you more than 16 mio possibilities.

Definition at line 197 of file AbstractUserAuthentication.php.

◆ $id

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$id

session_id (MD5-hash)

Definition at line 239 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Backend\FrontendBackendUserAuthentication\extGetTreeList(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getNewSessionRecord(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getSessionId(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isInWebMount(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\regenerateSessionId(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\start(), and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\workspaceAllowAutoCreation().

◆ $lastLogin_column

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$lastLogin_column = ''

Column name for last login timestamp

Definition at line 98 of file AbstractUserAuthentication.php.

◆ $lifetime

int TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$lifetime = 0

Lifetime for the session-cookie (on the client)

If >0: permanent cookie with given lifetime If 0: session-cookie Session-cookie means the browser will remove it when the browser is closed.

Definition at line 154 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\start().

◆ $lockIP

int TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$lockIP = 4

If set to 4, the session will be locked to the user's IP address (all four numbers). Reducing this to 1-3 means that only the given number of parts of the IP address is used.

Definition at line 209 of file AbstractUserAuthentication.php.

◆ $loginFailure

bool TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$loginFailure = false

Indicates if an authentication was started but failed

Definition at line 244 of file AbstractUserAuthentication.php.

◆ $loginSessionStarted

bool TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$loginSessionStarted = false

Will be set to TRUE if the login session is actually written during auth-check.

Definition at line 249 of file AbstractUserAuthentication.php.

◆ $loginType

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$loginType = ''

Login type, used for services.

Definition at line 285 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication(), TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\fetchGroupData(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthInfoArray(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getCookieDomain(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getLoginType(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\processLoginData().

◆ $name

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$name = ''

Session/Cookie name

Definition at line 58 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getRawUserByName().

◆ $newSessionID

bool TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$newSessionID = false

Will be set to TRUE if a new session ID was created

Definition at line 266 of file AbstractUserAuthentication.php.

◆ $sendNoCacheHeaders

bool TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$sendNoCacheHeaders = true

Send no-cache headers

Definition at line 181 of file AbstractUserAuthentication.php.

◆ $sessionBackend

SessionBackendInterface TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$sessionBackend
protected

Definition at line 298 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getSessionBackend().

◆ $sessionData

array TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$sessionData = array( )
protected

Holds deserialized data from session records. 'Reserved' keys are:

  • ‪'sys': Reserved for TypoScript standard code.

Definition at line 305 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getModuleData(), and TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\performLogoff().

◆ $sessionTimeout

int TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$sessionTimeout = 0

Session timeout (on the server)

If >0: session-timeout in seconds. If <=0: Instant logout after login.

Definition at line 138 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\fetchUserSession(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\start().

◆ $showHiddenRecords

bool TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$showHiddenRecords = false

Definition at line 114 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthInfoArray().

◆ $svConfig

array TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$svConfig = array( )

"auth" services configuration array from $GLOBALS['TYPO3_CONF_VARS']['SVCONF']['auth']

Definition at line 290 of file AbstractUserAuthentication.php.

◆ $uc

array TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$uc

Definition at line 294 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\writeUC().

◆ $user

array null TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$user

contains user- AND session-data from database (joined tables)

Definition at line 254 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\backendCheckLogin(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\compareUident(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\fetchUserRecord().

◆ $user_table

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$user_table = ''

Table in database with user data

Definition at line 68 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthInfoArray().

◆ $usergroup_column

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$usergroup_column = ''

Column for user group information

Definition at line 93 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthInfoArray().

◆ $usergroup_table

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$usergroup_table = ''

Table in database with user groups

Definition at line 73 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthInfoArray().

◆ $userid_column

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$userid_column = ''

Column for user-id

Definition at line 88 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthInfoArray(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getNewSessionRecord().

◆ $userident_column

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$userident_column = ''

Column for password

Definition at line 83 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\compareUident(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthInfoArray().

◆ $username_column

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$username_column = ''

Column for login-name

Definition at line 78 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthInfoArray().

◆ $warningEmail

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$warningEmail = ''

Definition at line 213 of file AbstractUserAuthentication.php.

◆ $warningMax

int TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$warningMax = 3

The maximum accepted number of warnings before an email to $warningEmail is sent

Definition at line 223 of file AbstractUserAuthentication.php.

◆ $warningPeriod

int TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$warningPeriod = 3600

Time span (in seconds) within the number of failed logins are collected

Definition at line 218 of file AbstractUserAuthentication.php.

◆ $writeAttemptLog

bool TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$writeAttemptLog = false

Log failed login attempts

Definition at line 176 of file AbstractUserAuthentication.php.

◆ $writeStdLog

bool TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$writeStdLog = false

Decides if the writelog() function is called at login and logout

Definition at line 171 of file AbstractUserAuthentication.php.