1 <?php

2 namespace TYPO3\CMS\Core\Authentication;

3 

17 use TYPO3\CMS\Core\Database\DatabaseConnection;

18 use TYPO3\CMS\Core\Utility\GeneralUtility;

19 

32 abstract class AbstractUserAuthentication {

33 

39  public $global_database = '';

40 

46  public $session_table = '';

47 

53  public $name = '';

54 

60  public $get_name = '';

61 

67  public $user_table = '';

68 

73  public $usergroup_table = '';

74 

80  public $username_column = '';

81 

87  public $userident_column = '';

88 

94  public $userid_column = '';

95 

100  public $usergroup_column = '';

101 

107  public $lastLogin_column = '';

108 

114  public $enablecolumns = array(

115  'rootLevel' => '',

116  // Boolean: If TRUE, 'AND pid=0' will be a part of the query...

117  'disabled' => '',

118  'starttime' => '',

119  'endtime' => '',

120  'deleted' => ''

121  );

122 

126  public $showHiddenRecords = FALSE;

127 

133  public $formfield_uname = '';

134 

140  public $formfield_uident = '';

141 

147  public $formfield_chalvalue = '';

148 

154  public $formfield_status = '';

155 

164  public $auth_timeout_field = 0;

165 

174  public $lifetime = 0;

175 

183  public $gc_time = 0;

184 

190  public $gc_probability = 1;

191 

197  public $writeStdLog = FALSE;

198 

204  public $writeAttemptLog = FALSE;

205 

211  public $sendNoCacheHeaders = TRUE;

212 

220  public $getFallBack = FALSE;

221 

231  public $hash_length = 32;

232 

239  public $getMethodEnabled = FALSE;

240 

247  public $lockIP = 4;

248 

256  public $lockHashKeyWords = 'useragent';

257 

262  public $warningEmail = '';

263 

269  public $warningPeriod = 3600;

270 

276  public $warningMax = 3;

277 

283  public $checkPid = TRUE;

284 

290  public $checkPid_value = 0;

291 

298  public $id;

299 

308  public $cookieId;

309 

315  public $loginFailure = FALSE;

316 

322  public $loginSessionStarted = FALSE;

323 

329  public $user = NULL;

330 

338  public $get_URL_ID = '';

339 

345  public $newSessionID = FALSE;

346 

352  public $forceSetCookie = FALSE;

353 

359  public $dontSetCookie = FALSE;

360 

364  protected $cookieWasSetOnCurrentRequest = FALSE;

365 

372  public $challengeStoredInCookie = FALSE;

373 

379  public $loginType = '';

380 

386  public $svConfig = array();

387 

393  public $writeDevLog = FALSE;

394 

398  public $uc;

399 

403  protected $db = NULL;

404 

408  public function __construct() {

409  $this->db = $this->getDatabaseConnection();

410  }

411 

425  public function start() {

426  // Backend or frontend login - used for auth services

427  if (empty($this->loginType)) {

428  throw new \TYPO3\CMS\Core\Exception('No loginType defined, should be set explicitly by subclass');

429  }

430  // Enable dev logging if set

431  if ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['writeDevLog']) {

432  $this->writeDevLog = TRUE;

433  }

434  if ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['writeDevLog' . $this->loginType]) {

435  $this->writeDevLog = TRUE;

436  }

437  if (TYPO3_DLOG) {

438  $this->writeDevLog = TRUE;

439  }

440  if ($this->writeDevLog) {

441  GeneralUtility::devLog('## Beginning of auth logging.', 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication');

442  }

443  // Init vars.

444  $mode = '';

445  $this->newSessionID = FALSE;

446  // $id is set to ses_id if cookie is present. Else set to FALSE, which will start a new session

447  $id = $this->getCookie($this->name);

448  $this->svConfig = $GLOBALS['TYPO3_CONF_VARS']['SVCONF']['auth'];

449 

450  // If fallback to get mode....

451  if (!$id && $this->getFallBack && $this->get_name) {

452  $id = isset($_GET[$this->get_name]) ? GeneralUtility::_GET($this->get_name) : '';

453  if (strlen($id) != $this->hash_length) {

454  $id = '';

455  }

456  $mode = 'get';

457  }

458 

459  // If new session or client tries to fix session...

460  if (!$id || !$this->isExistingSessionRecord($id)) {

461  // New random session-$id is made

462  $id = $this->createSessionId();

463  // New session

464  $this->newSessionID = TRUE;

465  }

466  // Internal var 'id' is set

467  $this->id = $id;

468  // If fallback to get mode....

469  if ($mode == 'get' && $this->getFallBack && $this->get_name) {

470  $this->get_URL_ID = '&' . $this->get_name . '=' . $id;

471  }

472  // Set session hashKey lock keywords from configuration; currently only 'useragent' can be used.

473  $this->lockHashKeyWords = $GLOBALS['TYPO3_CONF_VARS'][$this->loginType]['lockHashKeyWords'];

474  // Make certain that NO user is set initially

475  $this->user = NULL;

476  // Set all possible headers that could ensure that the script is not cached on the client-side

477  if ($this->sendNoCacheHeaders && !(TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_CLI)) {

478  header('Expires: 0');

479  header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT');

480  $cacheControlHeader = 'no-cache, must-revalidate';

481  $pragmaHeader = 'no-cache';

482  // Prevent error message in IE when using a https connection

483  // see http://forge.typo3.org/issues/24125

484  $clientInfo = GeneralUtility::clientInfo();

485  if ($clientInfo['BROWSER'] === 'msie' && GeneralUtility::getIndpEnv('TYPO3_SSL')) {

486  // Some IEs can not handle no-cache

487  // see http://support.microsoft.com/kb/323308/en-us

488  $cacheControlHeader = 'must-revalidate';

489  // IE needs "Pragma: private" if SSL connection

490  $pragmaHeader = 'private';

491  }

492  header('Cache-Control: ' . $cacheControlHeader);

493  header('Pragma: ' . $pragmaHeader);

494  }

495  // Load user session, check to see if anyone has submitted login-information and if so authenticate

496  // the user with the session. $this->user[uid] may be used to write log...

497  $this->checkAuthentication();

498  // Setting cookies

499  if (!$this->dontSetCookie) {

500  $this->setSessionCookie();

501  }

502  // Hook for alternative ways of filling the $this->user array (is used by the "timtaw" extension)

503  if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['postUserLookUp'])) {

504  foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['postUserLookUp'] as $funcName) {

505  $_params = array(

506  'pObj' => &$this

507  );

508  GeneralUtility::callUserFunction($funcName, $_params, $this);

509  }

510  }

511  // Set $this->gc_time if not explicitely specified

512  if ($this->gc_time == 0) {

513  // Default to 1 day if $this->auth_timeout_field is 0

514  $this->gc_time = $this->auth_timeout_field == 0 ? 86400 : $this->auth_timeout_field;

515  }

516  // If we're lucky we'll get to clean up old sessions....

517  if (rand() % 100 <= $this->gc_probability) {

518  $this->gc();

519  }

520  }

521 

528  protected function setSessionCookie() {

529  $isSetSessionCookie = $this->isSetSessionCookie();

530  $isRefreshTimeBasedCookie = $this->isRefreshTimeBasedCookie();

531  if ($isSetSessionCookie || $isRefreshTimeBasedCookie) {

532  $settings = $GLOBALS['TYPO3_CONF_VARS']['SYS'];

533  // Get the domain to be used for the cookie (if any):

534  $cookieDomain = $this->getCookieDomain();

535  // If no cookie domain is set, use the base path:

536  $cookiePath = $cookieDomain ? '/' : GeneralUtility::getIndpEnv('TYPO3_SITE_PATH');

537  // If the cookie lifetime is set, use it:

538  $cookieExpire = $isRefreshTimeBasedCookie ? $GLOBALS['EXEC_TIME'] + $this->lifetime : 0;

539  // Use the secure option when the current request is served by a secure connection:

540  $cookieSecure = (bool) $settings['cookieSecure'] && GeneralUtility::getIndpEnv('TYPO3_SSL');

541  // Deliver cookies only via HTTP and prevent possible XSS by JavaScript:

542  $cookieHttpOnly = (bool) $settings['cookieHttpOnly'];

543  // Do not set cookie if cookieSecure is set to "1" (force HTTPS) and no secure channel is used:

544  if ((int)$settings['cookieSecure'] !== 1 || GeneralUtility::getIndpEnv('TYPO3_SSL')) {

545  setcookie($this->name, $this->id, $cookieExpire, $cookiePath, $cookieDomain, $cookieSecure, $cookieHttpOnly);

546  $this->cookieWasSetOnCurrentRequest = TRUE;

547  } else {

548  throw new \TYPO3\CMS\Core\Exception('Cookie was not set since HTTPS was forced in $TYPO3_CONF_VARS[SYS][cookieSecure].', 1254325546);

549  }

550  if ($this->writeDevLog) {

551  $devLogMessage = ($isRefreshTimeBasedCookie ? 'Updated Cookie: ' : 'Set Cookie: ') . $this->id;

552  GeneralUtility::devLog($devLogMessage . ($cookieDomain ? ', ' . $cookieDomain : ''), 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication');

553  }

554  }

555  }

556 

563  protected function getCookieDomain() {

564  $result = '';

565  $cookieDomain = $GLOBALS['TYPO3_CONF_VARS']['SYS']['cookieDomain'];

566  // If a specific cookie domain is defined for a given TYPO3_MODE,

567  // use that domain

568  if (!empty($GLOBALS['TYPO3_CONF_VARS'][$this->loginType]['cookieDomain'])) {

569  $cookieDomain = $GLOBALS['TYPO3_CONF_VARS'][$this->loginType]['cookieDomain'];

570  }

571  if ($cookieDomain) {

572  if ($cookieDomain[0] == '/') {

573  $match = array();

574  $matchCnt = @preg_match($cookieDomain, GeneralUtility::getIndpEnv('TYPO3_HOST_ONLY'), $match);

575  if ($matchCnt === FALSE) {

576  GeneralUtility::sysLog('The regular expression for the cookie domain (' . $cookieDomain . ') contains errors. The session is not shared across sub-domains.', 'Core', GeneralUtility::SYSLOG_SEVERITY_ERROR);

577  } elseif ($matchCnt) {

578  $result = $match[0];

579  }

580  } else {

581  $result = $cookieDomain;

582  }

583  }

584  return $result;

585  }

586 

593  protected function getCookie($cookieName) {

594  return isset($_COOKIE[$cookieName]) ? stripslashes($_COOKIE[$cookieName]) : '';

595  }

596 

604  public function isSetSessionCookie() {

605  return ($this->newSessionID || $this->forceSetCookie) && $this->lifetime == 0;

606  }

607 

615  public function isRefreshTimeBasedCookie() {

616  return $this->lifetime > 0;

617  }

618 

627  public function checkAuthentication() {

628  // No user for now - will be searched by service below

629  $tempuserArr = array();

630  $tempuser = FALSE;

631  // User is not authenticated by default

632  $authenticated = FALSE;

633  // User want to login with passed login data (name/password)

634  $activeLogin = FALSE;

635  // Indicates if an active authentication failed (not auto login)

636  $this->loginFailure = FALSE;

637  if ($this->writeDevLog) {

638  GeneralUtility::devLog('Login type: ' . $this->loginType, 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication');

639  }

640  // The info array provide additional information for auth services

641  $authInfo = $this->getAuthInfoArray();

642  // Get Login/Logout data submitted by a form or params

643  $loginData = $this->getLoginFormData();

644  if ($this->writeDevLog) {

645  GeneralUtility::devLog('Login data: ' . GeneralUtility::arrayToLogString($loginData), 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication');

646  }

647  // Active logout (eg. with "logout" button)

648  if ($loginData['status'] == 'logout') {

649  if ($this->writeStdLog) {

650  // $type,$action,$error,$details_nr,$details,$data,$tablename,$recuid,$recpid

651  $this->writelog(255, 2, 0, 2, 'User %s logged out', array($this->user['username']), '', 0, 0);

652  }

653  // Logout written to log

654  if ($this->writeDevLog) {

655  GeneralUtility::devLog('User logged out. Id: ' . $this->id, 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication', -1);

656  }

657  $this->logoff();

658  }

659  // Active login (eg. with login form)

660  if ($loginData['status'] == 'login') {

661  $activeLogin = TRUE;

662  if ($this->writeDevLog) {

663  GeneralUtility::devLog('Active login (eg. with login form)', 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication');

664  }

665  // check referer for submitted login values

666  if ($this->formfield_status && $loginData['uident'] && $loginData['uname']) {

667  $httpHost = GeneralUtility::getIndpEnv('TYPO3_HOST_ONLY');

668  if (!$this->getMethodEnabled && ($httpHost != $authInfo['refInfo']['host'] && !$GLOBALS['TYPO3_CONF_VARS']['SYS']['doNotCheckReferer'])) {

669  throw new \RuntimeException('TYPO3 Fatal Error: Error: This host address ("' . $httpHost . '") and the referer host ("' . $authInfo['refInfo']['host'] . '") mismatches!<br />

670  It\'s possible that the environment variable HTTP_REFERER is not passed to the script because of a proxy.<br />

671  The site administrator can disable this check in the "All Configuration" section of the Install Tool (flag: TYPO3_CONF_VARS[SYS][doNotCheckReferer]).', 1270853930);

672  }

673  // Delete old user session if any

674  $this->logoff();

675  }

676  // Refuse login for _CLI users, if not processing a CLI request type

677  // (although we shouldn't be here in case of a CLI request type)

678  if (strtoupper(substr($loginData['uname'], 0, 5)) == '_CLI_' && !(TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_CLI)) {

679  throw new \RuntimeException('TYPO3 Fatal Error: You have tried to login using a CLI user. Access prohibited!', 1270853931);

680  }

681  }

682  // The following code makes auto-login possible (if configured). No submitted data needed

683  // Determine whether we need to skip session update.

684  // This is used mainly for checking session timeout without

685  // refreshing the session itself while checking.

686  $skipSessionUpdate = (bool)GeneralUtility::_GP('skipSessionUpdate');

687  $haveSession = FALSE;

688  if (!$this->newSessionID) {

689  // Read user session

690  $authInfo['userSession'] = $this->fetchUserSession($skipSessionUpdate);

691  $haveSession = is_array($authInfo['userSession']) ? TRUE : FALSE;

692  }

693  if ($this->writeDevLog) {

694  if ($haveSession) {

695  GeneralUtility::devLog('User session found: ' . GeneralUtility::arrayToLogString($authInfo['userSession'], array($this->userid_column, $this->username_column)), 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication', 0);

696  } else {

697  GeneralUtility::devLog('No user session found.', 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication', 2);

698  }

699  if (is_array($this->svConfig['setup'])) {

700  GeneralUtility::devLog('SV setup: ' . GeneralUtility::arrayToLogString($this->svConfig['setup']), 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication', 0);

701  }

702  }

703  // Fetch user if ...

704  if (

705  $activeLogin || $this->svConfig['setup'][$this->loginType . '_alwaysFetchUser']

706  || !$haveSession && $this->svConfig['setup'][$this->loginType . '_fetchUserIfNoSession']

707  ) {

708  // Use 'auth' service to find the user

709  // First found user will be used

710  $serviceChain = '';

711  $subType = 'getUser' . $this->loginType;

712  while (is_object($serviceObj = GeneralUtility::makeInstanceService('auth', $subType, $serviceChain))) {

713  $serviceChain .= ',' . $serviceObj->getServiceKey();

714  $serviceObj->initAuth($subType, $loginData, $authInfo, $this);

715  if ($row = $serviceObj->getUser()) {

716  $tempuserArr[] = $row;

717  if ($this->writeDevLog) {

718  GeneralUtility::devLog('User found: ' . GeneralUtility::arrayToLogString($row, array($this->userid_column, $this->username_column)), 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication', 0);

719  }

720  // User found, just stop to search for more if not configured to go on

721  if (!$this->svConfig['setup'][($this->loginType . '_fetchAllUsers')]) {

722  break;

723  }

724  }

725  unset($serviceObj);

726  }

727  unset($serviceObj);

728  if ($this->writeDevLog && $this->svConfig['setup'][$this->loginType . '_alwaysFetchUser']) {

729  GeneralUtility::devLog($this->loginType . '_alwaysFetchUser option is enabled', 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication');

730  }

731  if ($this->writeDevLog && $serviceChain) {

732  GeneralUtility::devLog($subType . ' auth services called: ' . $serviceChain, 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication');

733  }

734  if ($this->writeDevLog && !count($tempuserArr)) {

735  GeneralUtility::devLog('No user found by services', 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication');

736  }

737  if ($this->writeDevLog && count($tempuserArr)) {

738  GeneralUtility::devLog(count($tempuserArr) . ' user records found by services', 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication');

739  }

740  }

741  // If no new user was set we use the already found user session

742  if (!count($tempuserArr) && $haveSession) {

743  $tempuserArr[] = $authInfo['userSession'];

744  $tempuser = $authInfo['userSession'];

745  // User is authenticated because we found a user session

746  $authenticated = TRUE;

747  if ($this->writeDevLog) {

748  GeneralUtility::devLog('User session used: ' . GeneralUtility::arrayToLogString($authInfo['userSession'], array($this->userid_column, $this->username_column)), 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication');

749  }

750  }

751  // Re-auth user when 'auth'-service option is set

752  if ($this->svConfig['setup'][$this->loginType . '_alwaysAuthUser']) {

753  $authenticated = FALSE;

754  if ($this->writeDevLog) {

755  GeneralUtility::devLog('alwaysAuthUser option is enabled', 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication');

756  }

757  }

758  // Authenticate the user if needed

759  if (count($tempuserArr) && !$authenticated) {

760  foreach ($tempuserArr as $tempuser) {

761  // Use 'auth' service to authenticate the user

762  // If one service returns FALSE then authentication failed

763  // a service might return 100 which means there's no reason to stop but the user can't be authenticated by that service

764  if ($this->writeDevLog) {

765  GeneralUtility::devLog('Auth user: ' . GeneralUtility::arrayToLogString($tempuser), 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication');

766  }

767  $serviceChain = '';

768  $subType = 'authUser' . $this->loginType;

769  while (is_object($serviceObj = GeneralUtility::makeInstanceService('auth', $subType, $serviceChain))) {

770  $serviceChain .= ',' . $serviceObj->getServiceKey();

771  $serviceObj->initAuth($subType, $loginData, $authInfo, $this);

772  if (($ret = $serviceObj->authUser($tempuser)) > 0) {

773  // If the service returns >=200 then no more checking is needed - useful for IP checking without password

774  if ((int)$ret >= 200) {

775  $authenticated = TRUE;

776  break;

777  } elseif ((int)$ret >= 100) {

778 

779  } else {

780  $authenticated = TRUE;

781  }

782  } else {

783  $authenticated = FALSE;

784  break;

785  }

786  unset($serviceObj);

787  }

788  unset($serviceObj);

789  if ($this->writeDevLog && $serviceChain) {

790  GeneralUtility::devLog($subType . ' auth services called: ' . $serviceChain, 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication');

791  }

792  if ($authenticated) {

793  // Leave foreach() because a user is authenticated

794  break;

795  }

796  }

797  }

798  // If user is authenticated a valid user is in $tempuser

799  if ($authenticated) {

800  // Reset failure flag

801  $this->loginFailure = FALSE;

802  // Insert session record if needed:

803  if (!($haveSession && ($tempuser['ses_id'] == $this->id || $tempuser['uid'] == $authInfo['userSession']['ses_userid']))) {

804  $sessionData = $this->createUserSession($tempuser);

805  if ($sessionData) {

806  $this->user = array_merge(

807  $tempuser,

808  $sessionData

809  );

810  }

811  // The login session is started.

812  $this->loginSessionStarted = TRUE;

813  if ($this->writeDevLog && is_array($this->user)) {

814  GeneralUtility::devLog('User session finally read: ' . GeneralUtility::arrayToLogString($this->user, array($this->userid_column, $this->username_column)), 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication', -1);

815  }

816  } elseif ($haveSession) {

817  $this->user = $authInfo['userSession'];

818  }

819  if ($activeLogin && !$this->newSessionID) {

820  $this->regenerateSessionId();

821  }

822  // User logged in - write that to the log!

823  if ($this->writeStdLog && $activeLogin) {

824  $this->writelog(255, 1, 0, 1, 'User %s logged in from %s (%s)', array($tempuser[$this->username_column], GeneralUtility::getIndpEnv('REMOTE_ADDR'), GeneralUtility::getIndpEnv('REMOTE_HOST')), '', '', '', -1, '', $tempuser['uid']);

825  }

826  if ($this->writeDevLog && $activeLogin) {

827  GeneralUtility::devLog('User ' . $tempuser[$this->username_column] . ' logged in from ' . GeneralUtility::getIndpEnv('REMOTE_ADDR') . ' (' . GeneralUtility::getIndpEnv('REMOTE_HOST') . ')', 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication', -1);

828  }

829  if ($this->writeDevLog && !$activeLogin) {

830  GeneralUtility::devLog('User ' . $tempuser[$this->username_column] . ' authenticated from ' . GeneralUtility::getIndpEnv('REMOTE_ADDR') . ' (' . GeneralUtility::getIndpEnv('REMOTE_HOST') . ')', 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication', -1);

831  }

832  if ((int)$GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSL'] === 3 && $this->user_table === 'be_users') {

833  $requestStr = substr(GeneralUtility::getIndpEnv('TYPO3_REQUEST_SCRIPT'), strlen(GeneralUtility::getIndpEnv('TYPO3_SITE_URL') . TYPO3_mainDir));

834  $backendScript = \TYPO3\CMS\Backend\Utility\BackendUtility::getBackendScript();

835  if ($requestStr == $backendScript && GeneralUtility::getIndpEnv('TYPO3_SSL')) {

836  list(, $url) = explode('://', GeneralUtility::getIndpEnv('TYPO3_SITE_URL'), 2);

837  list($server, $address) = explode('/', $url, 2);

838  if ((int)$GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSLPort']) {

839  $sslPortSuffix = ':' . (int)$GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSLPort'];

840  // strip port from server

841  $server = str_replace($sslPortSuffix, '', $server);

842  }

843  \TYPO3\CMS\Core\Utility\HttpUtility::redirect('http://' . $server . '/' . $address . TYPO3_mainDir . $backendScript);

844  }

845  }

846  } elseif ($activeLogin || count($tempuserArr)) {

847  $this->loginFailure = TRUE;

848  if ($this->writeDevLog && !count($tempuserArr) && $activeLogin) {

849  GeneralUtility::devLog('Login failed: ' . GeneralUtility::arrayToLogString($loginData), 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication', 2);

850  }

851  if ($this->writeDevLog && count($tempuserArr)) {

852  GeneralUtility::devLog('Login failed: ' . GeneralUtility::arrayToLogString($tempuser, array($this->userid_column, $this->username_column)), 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication', 2);

853  }

854  }

855  // If there were a login failure, check to see if a warning email should be sent:

856  if ($this->loginFailure && $activeLogin) {

857  if ($this->writeDevLog) {

858  GeneralUtility::devLog('Call checkLogFailures: ' . GeneralUtility::arrayToLogString(array('warningEmail' => $this->warningEmail, 'warningPeriod' => $this->warningPeriod, 'warningMax' => $this->warningMax)), 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication', -1);

859  }

860 

861  // Hook to implement login failure tracking methods

862  if (

863  !empty($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['postLoginFailureProcessing'])

864  && is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['postLoginFailureProcessing'])

865  ) {

866  $_params = array();

867  foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['postLoginFailureProcessing'] as $_funcRef) {

868  GeneralUtility::callUserFunction($_funcRef, $_params, $this);

869  }

870  } else {

871  // If no hook is implemented, wait for 5 seconds

872  sleep(5);

873  }

874 

875  $this->checkLogFailures($this->warningEmail, $this->warningPeriod, $this->warningMax);

876  }

877  }

878 

884  public function createSessionId() {

885  return GeneralUtility::getRandomHexString($this->hash_length);

886  }

887 

893  protected function regenerateSessionId() {

894  $oldSessionId = $this->id;

895  $this->id = $this->createSessionId();

896  // Update session record with new ID

897  $this->db->exec_UPDATEquery(

898  $this->session_table,

899  'ses_id = ' . $this->db->fullQuoteStr($oldSessionId, $this->session_table)

900  . ' AND ses_name = ' . $this->db->fullQuoteStr($this->name, $this->session_table),

901  array('ses_id' => $this->id)

902  );

903  $this->user['ses_id'] = $this->id;

904  $this->newSessionID = TRUE;

905  }

906 

907  /*************************

908  *

909  * User Sessions

910  *

911  *************************/

920  public function createUserSession($tempuser) {

921  if ($this->writeDevLog) {

922  GeneralUtility::devLog('Create session ses_id = ' . $this->id, 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication');

923  }

924  // Delete session entry first

925  $this->db->exec_DELETEquery(

926  $this->session_table,

927  'ses_id = ' . $this->db->fullQuoteStr($this->id, $this->session_table)

928  . ' AND ses_name = ' . $this->db->fullQuoteStr($this->name, $this->session_table)

929  );

930  // Re-create session entry

931  $insertFields = $this->getNewSessionRecord($tempuser);

932  $inserted = (boolean) $this->db->exec_INSERTquery($this->session_table, $insertFields);

933  if (!$inserted) {

934  $message = 'Session data could not be written to DB. Error: ' . $this->db->sql_error();

935  GeneralUtility::sysLog($message, 'Core', GeneralUtility::SYSLOG_SEVERITY_WARNING);

936  if ($this->writeDevLog) {

937  GeneralUtility::devLog($message, 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication', 2);

938  }

939  }

940  // Updating lastLogin_column carrying information about last login.

941  if ($this->lastLogin_column && $inserted) {

942  $this->db->exec_UPDATEquery(

943  $this->user_table,

944  $this->userid_column . '=' . $this->db->fullQuoteStr($tempuser[$this->userid_column], $this->user_table),

945  array($this->lastLogin_column => $GLOBALS['EXEC_TIME'])

946  );

947  }

948 

949  return $inserted ? $insertFields : array();

950  }

951 

960  public function getNewSessionRecord($tempuser) {

961  return array(

962  'ses_id' => $this->id,

963  'ses_name' => $this->name,

964  'ses_iplock' => $tempuser['disableIPlock'] ? '[DISABLED]' : $this->ipLockClause_remoteIPNumber($this->lockIP),

965  'ses_hashlock' => $this->hashLockClause_getHashInt(),

966  'ses_userid' => $tempuser[$this->userid_column],

967  'ses_tstamp' => $GLOBALS['EXEC_TIME']

968  );

969  }

970 

978  public function fetchUserSession($skipSessionUpdate = FALSE) {

979  $user = FALSE;

980  if ($this->writeDevLog) {

981  GeneralUtility::devLog('Fetch session ses_id = ' . $this->id, 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication');

982  }

983 

984  // Fetch the user session from the DB

985  $statement = $this->fetchUserSessionFromDB();

986 

987  if ($statement) {

988  $statement->execute();

989  $user = $statement->fetch();

990  $statement->free();

991  }

992  if ($user) {

993  // A user was found

994  if (\TYPO3\CMS\Core\Utility\MathUtility::canBeInterpretedAsInteger($this->auth_timeout_field)) {

995  // Get timeout from object

996  $timeout = (int)$this->auth_timeout_field;

997  } else {

998  // Get timeout-time from usertable

999  $timeout = (int)$user[$this->auth_timeout_field];

1000  }

1001  // If timeout > 0 (TRUE) and current time has not exceeded the latest sessions-time plus the timeout in seconds then accept user

1002  // Option later on: We could check that last update was at least x seconds ago in order not to update twice in a row if one script redirects to another...

1003  if ($timeout > 0 && $GLOBALS['EXEC_TIME'] < $user['ses_tstamp'] + $timeout) {

1004  if (!$skipSessionUpdate) {

1005  $this->db->exec_UPDATEquery($this->session_table, 'ses_id=' . $this->db->fullQuoteStr($this->id, $this->session_table)

1006  . ' AND ses_name=' . $this->db->fullQuoteStr($this->name, $this->session_table), array('ses_tstamp' => $GLOBALS['EXEC_TIME']));

1007  // Make sure that the timestamp is also updated in the array

1008  $user['ses_tstamp'] = $GLOBALS['EXEC_TIME'];

1009  }

1010  } else {

1011  // Delete any user set...

1012  $this->logoff();

1013  $user = FALSE;

1014  }

1015  }

1016  return $user;

1017  }

1018 

1027  public function logoff() {

1028  if ($this->writeDevLog) {

1029  GeneralUtility::devLog('logoff: ses_id = ' . $this->id, 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication');

1030  }

1031  // Release the locked records

1032  \TYPO3\CMS\Backend\Utility\BackendUtility::lockRecords();

1033  // Hook for pre-processing the logoff() method, requested and implemented by andreas.otto@dkd.de:

1034  if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['logoff_pre_processing'])) {

1035  $_params = array();

1036  foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['logoff_pre_processing'] as $_funcRef) {

1037  if ($_funcRef) {

1038  GeneralUtility::callUserFunction($_funcRef, $_params, $this);

1039  }

1040  }

1041  }

1042  $this->db->exec_DELETEquery($this->session_table, 'ses_id = ' . $this->db->fullQuoteStr($this->id, $this->session_table) . '

1043  AND ses_name = ' . $this->db->fullQuoteStr($this->name, $this->session_table));

1044  $this->user = NULL;

1045  // Hook for post-processing the logoff() method, requested and implemented by andreas.otto@dkd.de:

1046  if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['logoff_post_processing'])) {

1047  $_params = array();

1048  foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['logoff_post_processing'] as $_funcRef) {

1049  if ($_funcRef) {

1050  GeneralUtility::callUserFunction($_funcRef, $_params, $this);

1051  }

1052  }

1053  }

1054  }

1055 

1062  public function removeCookie($cookieName) {

1063  $cookieDomain = $this->getCookieDomain();

1064  // If no cookie domain is set, use the base path

1065  $cookiePath = $cookieDomain ? '/' : GeneralUtility::getIndpEnv('TYPO3_SITE_PATH');

1066  setcookie($cookieName, NULL, -1, $cookiePath, $cookieDomain);

1067  }

1068 

1077  public function isExistingSessionRecord($id) {

1078  $statement = $this->db->prepare_SELECTquery('COUNT(*)', $this->session_table, 'ses_id = :ses_id');

1079  $statement->execute(array(':ses_id' => $id));

1080  $row = $statement->fetch(\TYPO3\CMS\Core\Database\PreparedStatement::FETCH_NUM);

1081  $statement->free();

1082  return $row[0] ? TRUE : FALSE;

1083  }

1084 

1092  public function isCookieSet() {

1093  return $this->cookieWasSetOnCurrentRequest || $this->getCookie($this->name);

1094  }

1095 

1096  /*************************

1097  *

1098  * SQL Functions

1099  *

1100  *************************/

1111  protected function fetchUserSessionFromDB() {

1112  $statement = NULL;

1113  $ipLockClause = $this->ipLockClause();

1114  if ($GLOBALS['CLIENT']['BROWSER'] == 'flash') {

1115  // If on the flash client, the veri code is valid, then the user session is fetched

1116  // from the DB without the hashLock clause

1117  if (GeneralUtility::_GP('vC') == $this->veriCode()) {

1118  $statement = $this->db->prepare_SELECTquery('*', $this->session_table . ',' . $this->user_table, $this->session_table . '.ses_id = :ses_id

1119  AND ' . $this->session_table . '.ses_name = :ses_name

1120  AND ' . $this->session_table . '.ses_userid = ' . $this->user_table . '.' . $this->userid_column . '

1121  ' . $ipLockClause['where'] . '

1122  ' . $this->user_where_clause());

1123  $statement->bindValues(array(

1124  ':ses_id' => $this->id,

1125  ':ses_name' => $this->name

1126  ));

1127  $statement->bindValues($ipLockClause['parameters']);

1128  }

1129  } else {

1130  $statement = $this->db->prepare_SELECTquery('*', $this->session_table . ',' . $this->user_table, $this->session_table . '.ses_id = :ses_id

1131  AND ' . $this->session_table . '.ses_name = :ses_name

1132  AND ' . $this->session_table . '.ses_userid = ' . $this->user_table . '.' . $this->userid_column . '

1133  ' . $ipLockClause['where'] . '

1134  ' . $this->hashLockClause() . '

1135  ' . $this->user_where_clause());

1136  $statement->bindValues(array(

1137  ':ses_id' => $this->id,

1138  ':ses_name' => $this->name

1139  ));

1140  $statement->bindValues($ipLockClause['parameters']);

1141  }

1142  return $statement;

1143  }

1144 

1152  protected function user_where_clause() {

1153  $whereClause = '';

1154  if ($this->enablecolumns['rootLevel']) {

1155  $whereClause .= 'AND ' . $this->user_table . '.pid=0 ';

1156  }

1157  if ($this->enablecolumns['disabled']) {

1158  $whereClause .= ' AND ' . $this->user_table . '.' . $this->enablecolumns['disabled'] . '=0';

1159  }

1160  if ($this->enablecolumns['deleted']) {

1161  $whereClause .= ' AND ' . $this->user_table . '.' . $this->enablecolumns['deleted'] . '=0';

1162  }

1163  if ($this->enablecolumns['starttime']) {

1164  $whereClause .= ' AND (' . $this->user_table . '.' . $this->enablecolumns['starttime'] . '<=' . $GLOBALS['EXEC_TIME'] . ')';

1165  }

1166  if ($this->enablecolumns['endtime']) {

1167  $whereClause .= ' AND (' . $this->user_table . '.' . $this->enablecolumns['endtime'] . '=0 OR '

1168  . $this->user_table . '.' . $this->enablecolumns['endtime'] . '>' . $GLOBALS['EXEC_TIME'] . ')';

1169  }

1170  return $whereClause;

1171  }

1172 

1179  protected function ipLockClause() {

1180  $statementClause = array(

1181  'where' => '',

1182  'parameters' => array()

1183  );

1184  if ($this->lockIP) {

1185  $statementClause['where'] = 'AND (

1186  ' . $this->session_table . '.ses_iplock = :ses_iplock

1187  OR ' . $this->session_table . '.ses_iplock=\'[DISABLED]\'

1188  )';

1189  $statementClause['parameters'] = array(

1190  ':ses_iplock' => $this->ipLockClause_remoteIPNumber($this->lockIP)

1191  );

1192  }

1193  return $statementClause;

1194  }

1195 

1204  protected function ipLockClause_remoteIPNumber($parts) {

1205  $IP = GeneralUtility::getIndpEnv('REMOTE_ADDR');

1206  if ($parts >= 4) {

1207  return $IP;

1208  } else {

1209  $parts = \TYPO3\CMS\Core\Utility\MathUtility::forceIntegerInRange($parts, 1, 3);

1210  $IPparts = explode('.', $IP);

1211  for ($a = 4; $a > $parts; $a--) {

1212  unset($IPparts[$a - 1]);

1213  }

1214  return implode('.', $IPparts);

1215  }

1216  }

1217 

1225  public function veriCode() {

1226  return substr(md5($this->id . $GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']), 0, 10);

1227  }

1228 

1235  protected function hashLockClause() {

1236  return 'AND ' . $this->session_table . '.ses_hashlock=' . $this->hashLockClause_getHashInt();

1237  }

1238 

1245  protected function hashLockClause_getHashInt() {

1246  $hashStr = '';

1247  if (GeneralUtility::inList($this->lockHashKeyWords, 'useragent')) {

1248  $hashStr .= ':' . GeneralUtility::getIndpEnv('HTTP_USER_AGENT');

1249  }

1250  return GeneralUtility::md5int($hashStr);

1251  }

1252 

1253  /*************************

1254  *

1255  * Session and Configuration Handling

1256  *

1257  *************************/

1267  public function writeUC($variable = '') {

1268  if (is_array($this->user) && $this->user[$this->userid_column]) {

1269  if (!is_array($variable)) {

1270  $variable = $this->uc;

1271  }

1272  if ($this->writeDevLog) {

1273  GeneralUtility::devLog('writeUC: ' . $this->userid_column . '=' . (int)$this->user[$this->userid_column], 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication');

1274  }

1275  $this->db->exec_UPDATEquery($this->user_table, $this->userid_column . '=' . (int)$this->user[$this->userid_column], array('uc' => serialize($variable)));

1276  }

1277  }

1278 

1287  public function unpack_uc($theUC = '') {

1288  if (!$theUC && isset($this->user['uc'])) {

1289  $theUC = unserialize($this->user['uc']);

1290  }

1291  if (is_array($theUC)) {

1292  $this->uc = $theUC;

1293  }

1294  }

1295 

1307  public function pushModuleData($module, $data, $noSave = 0) {

1308  $this->uc['moduleData'][$module] = $data;

1309  $this->uc['moduleSessionID'][$module] = $this->id;

1310  if (!$noSave) {

1311  $this->writeUC();

1312  }

1313  }

1314 

1323  public function getModuleData($module, $type = '') {

1324  if ($type != 'ses' || (isset($this->uc['moduleSessionID'][$module]) && $this->uc['moduleSessionID'][$module] == $this->id)) {

1325  return $this->uc['moduleData'][$module];

1326  }

1327  return NULL;

1328  }

1329 

1338  public function getSessionData($key) {

1339  $sesDat = unserialize($this->user['ses_data']);

1340  return $sesDat[$key];

1341  }

1342 

1352  public function setAndSaveSessionData($key, $data) {

1353  $sesDat = unserialize($this->user['ses_data']);

1354  $sesDat[$key] = $data;

1355  $this->user['ses_data'] = serialize($sesDat);

1356  if ($this->writeDevLog) {

1357  GeneralUtility::devLog('setAndSaveSessionData: ses_id = ' . $this->user['ses_id'], 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication');

1358  }

1359  $this->db->exec_UPDATEquery($this->session_table, 'ses_id=' . $this->db->fullQuoteStr($this->user['ses_id'], $this->session_table), array('ses_data' => $this->user['ses_data']));

1360  }

1361 

1362  /*************************

1363  *

1364  * Misc

1365  *

1366  *************************/

1374  public function getLoginFormData() {

1375  $loginData = array();

1376  if ($this->getMethodEnabled) {

1377  $loginData['status'] = GeneralUtility::_GP($this->formfield_status);

1378  $loginData['uname'] = GeneralUtility::_GP($this->formfield_uname);

1379  $loginData['uident'] = GeneralUtility::_GP($this->formfield_uident);

1380  $loginData['chalvalue'] = GeneralUtility::_GP($this->formfield_chalvalue);

1381  } else {

1382  $loginData['status'] = GeneralUtility::_POST($this->formfield_status);

1383  $loginData['uname'] = GeneralUtility::_POST($this->formfield_uname);

1384  $loginData['uident'] = GeneralUtility::_POST($this->formfield_uident);

1385  $loginData['chalvalue'] = GeneralUtility::_POST($this->formfield_chalvalue);

1386  }

1387  // Only process the login data if a login is requested

1388  if ($loginData['status'] === 'login') {

1389  $loginData = $this->processLoginData($loginData);

1390  }

1391  return $loginData;

1392  }

1393 

1404  public function processLoginData($loginData, $passwordTransmissionStrategy = '') {

1405  $loginSecurityLevel = $GLOBALS['TYPO3_CONF_VARS'][$this->loginType]['loginSecurityLevel']

1406  ? trim($GLOBALS['TYPO3_CONF_VARS'][$this->loginType]['loginSecurityLevel'])

1407  : 'normal';

1408  $passwordTransmissionStrategy = $passwordTransmissionStrategy ?: $loginSecurityLevel;

1409  if ($this->writeDevLog) {

1410  GeneralUtility::devLog('Login data before processing: ' . GeneralUtility::arrayToLogString($loginData), 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication');

1411  }

1412  $serviceChain = '';

1413  $subType = 'processLoginData' . $this->loginType;

1414  $authInfo = $this->getAuthInfoArray();

1415  $isLoginDataProcessed = FALSE;

1416  $processedLoginData = $loginData;

1417  while (is_object($serviceObject = GeneralUtility::makeInstanceService('auth', $subType, $serviceChain))) {

1418  $serviceChain .= ',' . $serviceObject->getServiceKey();

1419  $serviceObject->initAuth($subType, $loginData, $authInfo, $this);

1420  $serviceResult = $serviceObject->processLoginData($processedLoginData, $passwordTransmissionStrategy);

1421  if (!empty($serviceResult)) {

1422  $isLoginDataProcessed = TRUE;

1423  // If the service returns >=200 then no more processing is needed

1424  if ((int)$serviceResult >= 200) {

1425  unset($serviceObject);

1426  break;

1427  }

1428  }

1429  unset($serviceObject);

1430  }

1431  if ($isLoginDataProcessed) {

1432  $loginData = $processedLoginData;

1433  if ($this->writeDevLog) {

1434  GeneralUtility::devLog('Processed login data: ' . GeneralUtility::arrayToLogString($processedLoginData), 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication');

1435  }

1436  }

1437  return $loginData;

1438  }

1439 

1447  public function getAuthInfoArray() {

1448  $authInfo = array();

1449  $authInfo['loginType'] = $this->loginType;

1450  $authInfo['refInfo'] = parse_url(GeneralUtility::getIndpEnv('HTTP_REFERER'));

1451  $authInfo['HTTP_HOST'] = GeneralUtility::getIndpEnv('HTTP_HOST');

1452  $authInfo['REMOTE_ADDR'] = GeneralUtility::getIndpEnv('REMOTE_ADDR');

1453  $authInfo['REMOTE_HOST'] = GeneralUtility::getIndpEnv('REMOTE_HOST');

1454  $authInfo['showHiddenRecords'] = $this->showHiddenRecords;

1455  // Can be overidden in localconf by SVCONF:

1456  $authInfo['db_user']['table'] = $this->user_table;

1457  $authInfo['db_user']['userid_column'] = $this->userid_column;

1458  $authInfo['db_user']['username_column'] = $this->username_column;

1459  $authInfo['db_user']['userident_column'] = $this->userident_column;

1460  $authInfo['db_user']['usergroup_column'] = $this->usergroup_column;

1461  $authInfo['db_user']['enable_clause'] = $this->user_where_clause();

1462  if ($this->checkPid && $this->checkPid_value !== NULL) {

1463  $authInfo['db_user']['checkPidList'] = $this->checkPid_value;

1464  $authInfo['db_user']['check_pid_clause'] = ' AND pid IN (' .

1465  $this->db->cleanIntList($this->checkPid_value) . ')';

1466  } else {

1467  $authInfo['db_user']['checkPidList'] = '';

1468  $authInfo['db_user']['check_pid_clause'] = '';

1469  }

1470  $authInfo['db_groups']['table'] = $this->usergroup_table;

1471  return $authInfo;

1472  }

1473 

1483  public function compareUident($user, $loginData, $passwordCompareStrategy = '') {

1484  $OK = FALSE;

1485  switch ($passwordCompareStrategy) {

1486  case 'superchallenged':

1487 

1488  case 'challenged':

1489  // Check challenge stored in cookie:

1490  if ($this->challengeStoredInCookie) {

1491  session_start();

1492  if ($_SESSION['login_challenge'] !== $loginData['chalvalue']) {

1493  if ($this->writeDevLog) {

1494  GeneralUtility::devLog('PHP Session stored challenge "' . $_SESSION['login_challenge'] . '" and submitted challenge "' . $loginData['chalvalue'] . '" did not match, so authentication failed!', 'TYPO3\\CMS\\Core\\Authentication\\AbstractUserAuthentication', 2);

1495  }

1496  $this->logoff();

1497  return FALSE;

1498  }

1499  }

1500  $compareStrategyHash = md5($user[$this->username_column] . ':' . $user[$this->userident_column] . ':' . $loginData['chalvalue']);

1501  if ((string)$loginData[('uident_' . $passwordCompareStrategy)] === $compareStrategyHash) {

1502  $OK = TRUE;

1503  }

1504  break;

1505  default:

1506  // normal

1507  if ((string)$loginData['uident_text'] !== '' && (string)$loginData['uident_text'] === (string)$user[$this->userident_column]) {

1508  $OK = TRUE;

1509  }

1510  }

1511  return $OK;

1512  }

1513 

1521  public function gc() {

1522  $this->db->exec_DELETEquery($this->session_table, 'ses_tstamp < ' . (int)($GLOBALS['EXEC_TIME'] - $this->gc_time) . ' AND ses_name = ' . $this->db->fullQuoteStr($this->name, $this->session_table));

1523  }

1524 

1540  public function writelog($type, $action, $error, $details_nr, $details, $data, $tablename, $recuid, $recpid) {

1541 

1542  }

1543 

1554  public function checkLogFailures($email, $secondsBack, $maxFailures) {

1555 

1556  }

1557 

1572  public function setBeUserByUid($uid) {

1573  $this->user = $this->getRawUserByUid($uid);

1574  }

1575 

1585  public function setBeUserByName($name) {

1586  $this->user = $this->getRawUserByName($name);

1587  }

1588 

1597  public function getRawUserByUid($uid) {

1598  $user = FALSE;

1599  $dbres = $this->db->exec_SELECTquery('*', $this->user_table, 'uid=' . (int)$uid . ' ' . $this->user_where_clause());

1600  if ($dbres) {

1601  $user = $this->db->sql_fetch_assoc($dbres);

1602  $this->db->sql_free_result($dbres);

1603  }

1604  return $user;

1605  }

1606 

1616  public function getRawUserByName($name) {

1617  $user = FALSE;

1618  $dbres = $this->db->exec_SELECTquery('*', $this->user_table, 'username=' . $this->db->fullQuoteStr($name, $this->user_table) . ' ' . $this->user_where_clause());

1619  if ($dbres) {

1620  $user = $this->db->sql_fetch_assoc($dbres);

1621  $this->db->sql_free_result($dbres);

1622  }

1623  return $user;

1624  }

1625 

1626  /*************************

1627  *

1628  * Create/update user - EXPERIMENTAL

1629  *

1630  *************************/

1641  public function fetchUserRecord($dbUser, $username, $extraWhere = '') {

1642  $user = FALSE;

1643  $usernameClause = $username ? $dbUser['username_column'] . '=' . $this->db->fullQuoteStr($username, $dbUser['table']) : '1=1';

1644  if ($username || $extraWhere) {

1645  // Look up the user by the username and/or extraWhere:

1646  $dbres = $this->db->exec_SELECTquery('*', $dbUser['table'], $usernameClause . $dbUser['check_pid_clause'] . $dbUser['enable_clause'] . $extraWhere);

1647  if ($dbres) {

1648  $user = $this->db->sql_fetch_assoc($dbres);

1649  $this->db->sql_free_result($dbres);

1650  }

1651  }

1652  return $user;

1653  }

1654 

1659  protected function getDatabaseConnection() {

1660  return $GLOBALS['TYPO3_DB'];

1661  }

1662 }