TYPO3 CMS  TYPO3_6-2
AuthenticationService.php
1 <?php
2 namespace TYPO3\CMS\Sv;
3 
23 
/**
 * Fills the uident_text / uident_challenged / uident_superchallenged keys of the
 * login data, depending on the form in which the password was transmitted.
 *
 * When a plain-text password is available, both challenge digests are derived
 * from it. Those digests are MD5 based because the challenge schemes are defined
 * that way; MD5 is not a password-hashing function, so none of these values
 * should be treated as a protected credential or be persisted.
 *
 * @param array $loginData Login data, modified in place (reads uident, uname, chalvalue)
 * @param string $passwordTransmissionStrategy 'normal', 'challenged' or 'superchallenged'
 * @return bool TRUE if the strategy was handled or a plain-text password was present
 */
public function processLoginData(array &$loginData, $passwordTransmissionStrategy) {
    $handled = TRUE;
    // Loose comparison on purpose: it mirrors how a switch statement matches its cases.
    if ($passwordTransmissionStrategy == 'normal') {
        $loginData['uident_text'] = $loginData['uident'];
    } elseif ($passwordTransmissionStrategy == 'challenged') {
        $loginData['uident_text'] = '';
        $loginData['uident_challenged'] = $loginData['uident'];
        $loginData['uident_superchallenged'] = '';
    } elseif ($passwordTransmissionStrategy == 'superchallenged') {
        $loginData['uident_text'] = '';
        $loginData['uident_challenged'] = '';
        $loginData['uident_superchallenged'] = $loginData['uident'];
    } else {
        // Unknown strategy: nothing was mapped.
        $handled = FALSE;
    }

    if (empty($loginData['uident_text'])) {
        return $handled;
    }

    // A plain-text password is present, so both digests can be computed here.
    $prefix = $loginData['uname'] . ':';
    $suffix = ':' . $loginData['chalvalue'];
    $loginData['uident_challenged'] = md5($prefix . $loginData['uident_text'] . $suffix);
    $loginData['uident_superchallenged'] = md5($prefix . md5($loginData['uident_text']) . $suffix);

    return TRUE;
}
59 
/**
 * Looks up the user record for the submitted username.
 *
 * Nothing is looked up unless the login status is 'login' and a password was
 * submitted. Failed attempts (unknown username, empty password) are written to
 * the log via writelog() and to the system log.
 *
 * NOTE(review): the username comes from the login request and is placed into
 * the log messages as submitted; whether writelog()/sysLog() neutralise control
 * characters is not visible here - confirm before relying on these log lines.
 *
 * @return mixed Whatever fetchUserRecord() returned, or FALSE if no lookup was done
 */
public function getUser() {
    if ($this->login['status'] != 'login') {
        return FALSE;
    }

    if (!$this->login['uident']) {
        // Failed login attempt: no password was given.
        $attempt = array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']);
        $this->writelog(255, 3, 3, 2, 'Login-attempt from %s (%s) for username \'%s\' with an empty password!', $attempt);
        \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog(
            vsprintf('Login-attempt from %s (%s), for username \'%s\' with an empty password!', $attempt),
            'Core',
            \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_WARNING
        );
        return FALSE;
    }

    $record = $this->fetchUserRecord($this->login['uname']);
    if (is_array($record)) {
        if ($this->writeDevLog) {
            $loggedColumns = array($this->db_user['userid_column'], $this->db_user['username_column']);
            \TYPO3\CMS\Core\Utility\GeneralUtility::devLog(
                'User found: ' . \TYPO3\CMS\Core\Utility\GeneralUtility::arrayToLogString($record, $loggedColumns),
                'TYPO3\\CMS\\Sv\\AuthenticationService'
            );
        }
        return $record;
    }

    // Failed login attempt: no record exists for the username.
    $attempt = array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']);
    $this->writelog(255, 3, 3, 2, 'Login-attempt from %s (%s), username \'%s\' not found!!', $attempt);
    \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog(
        vsprintf('Login-attempt from %s (%s), username \'%s\' not found!', $attempt),
        'Core',
        \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_WARNING
    );

    return $record;
}
89 
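/**
 * Checks the submitted password against the given user record and enforces the
 * record's lockToDomain setting.
 *
 * The check only runs when both a username and a password were submitted;
 * otherwise the initial value 100 is returned unchanged, so that another service
 * can check other credentials.
 *
 * @param array $user User record (reads lockToDomain and the username column)
 * @return mixed 100 if nothing was checked, 0 if the lock domain did not match,
 *               otherwise the result of compareUident()
 */
public function authUser(array $user) {
    $OK = 100;
    // This authentication service can only work correctly, if a non empty username along with a non empty password is provided.
    // Otherwise a different service is allowed to check for other login credentials
    if ((string)$this->login['uident'] !== '' && (string)$this->login['uname'] !== '') {
        // Checking password match for user:
        $OK = $this->compareUident($user, $this->login);
        if (!$OK) {
            // Failed login attempt (wrong password) - write that to the log!
            if ($this->writeAttemptLog) {
                $this->writelog(255, 3, 3, 1, 'Login-attempt from %s (%s), username \'%s\', password not accepted!', array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']));
                \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog(sprintf('Login-attempt from %s (%s), username \'%s\', password not accepted!', $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']), 'Core', \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_WARNING);
            }
            if ($this->writeDevLog) {
                // The submitted password (or its digest) must never reach the log: a rejected
                // value is often a mistyped real password. Only the username is logged.
                \TYPO3\CMS\Core\Utility\GeneralUtility::devLog('Password not accepted for username: ' . $this->login['uname'], 'TYPO3\\CMS\\Sv\\AuthenticationService', 2);
            }
        }
        // Checking the domain (lockToDomain).
        // Compared as strings with !== so that numeric-looking host names are not
        // treated as equal by PHP's loose comparison.
        // NOTE(review): authInfo['HTTP_HOST'] presumably reflects the request's Host
        // header - confirm that it is validated upstream, since lockToDomain is only
        // as reliable as that value.
        if ($OK && $user['lockToDomain'] && (string)$user['lockToDomain'] !== (string)$this->authInfo['HTTP_HOST']) {
            // Lock domain didn't match, so error:
            if ($this->writeAttemptLog) {
                $this->writelog(255, 3, 3, 1, 'Login-attempt from %s (%s), username \'%s\', locked domain \'%s\' did not match \'%s\'!', array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $user[$this->db_user['username_column']], $user['lockToDomain'], $this->authInfo['HTTP_HOST']));
                \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog(sprintf('Login-attempt from %s (%s), username \'%s\', locked domain \'%s\' did not match \'%s\'!', $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $user[$this->db_user['username_column']], $user['lockToDomain'], $this->authInfo['HTTP_HOST']), 'Core', \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_WARNING);
            }
            $OK = 0;
        }
    }
    return $OK;
}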
133 
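/**
 * Collects the group records that apply to the given user.
 *
 * Only the mode 'getGroupsFE' does any work: the user's groups (including sub
 * groups) are resolved, groups configured in FE/IPmaskMountGroups are added if
 * the client address matches, and the matching records are read from the groups
 * table. Groups locked to another domain and, unless showHiddenRecords is set,
 * hidden groups are excluded by the query.
 *
 * @param mixed $user User record; groups are only resolved from it if it is an array
 * @param mixed $knownGroups Not used by this implementation
 * @return array Group records, indexed by uid
 */
public function getGroups($user, $knownGroups) {
    global $TYPO3_CONF_VARS;
    $groupDataArr = array();
    if ($this->mode == 'getGroupsFE') {
        $groups = array();
        if (is_array($user) && $user[$this->db_user['usergroup_column']]) {
            $groupList = $user[$this->db_user['usergroup_column']];
            $this->getSubGroups($groupList, '', $groups);
        }
        // ADD group-numbers if the IPmask matches.
        if (is_array($TYPO3_CONF_VARS['FE']['IPmaskMountGroups'])) {
            foreach ($TYPO3_CONF_VARS['FE']['IPmaskMountGroups'] as $IPel) {
                if ($this->authInfo['REMOTE_ADDR'] && $IPel[0] && \TYPO3\CMS\Core\Utility\GeneralUtility::cmpIP($this->authInfo['REMOTE_ADDR'], $IPel[0])) {
                    $groups[] = (int)$IPel[1];
                }
            }
        }
        // The list is concatenated into the SQL IN() clause below, so every entry
        // is forced to an integer first instead of trusting where it came from.
        $groups = array_unique(array_map('intval', $groups));
        if (count($groups)) {
            $list = implode(',', $groups);
            if ($this->writeDevLog) {
                \TYPO3\CMS\Core\Utility\GeneralUtility::devLog('Get usergroups with id: ' . $list, 'TYPO3\\CMS\\Sv\\AuthenticationService');
            }
            $lockToDomain_SQL =
                ' AND ('
                . 'lockToDomain=\'\''
                . ' OR lockToDomain IS NULL'
                . ' OR lockToDomain=' . $GLOBALS['TYPO3_DB']->fullQuoteStr($this->authInfo['HTTP_HOST'], $this->db_groups['table'])
                . ')';
            // Initialised up front: the variable was previously undefined whenever
            // showHiddenRecords was set.
            $hiddenP = '';
            if (!$this->authInfo['showHiddenRecords']) {
                $hiddenP = 'AND hidden=0 ';
            }
            $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', $this->db_groups['table'], 'deleted=0 ' . $hiddenP . ' AND uid IN (' . $list . ')' . $lockToDomain_SQL);
            while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
                $groupDataArr[$row['uid']] = $row;
            }
            if ($res) {
                $GLOBALS['TYPO3_DB']->sql_free_result($res);
            }
        } else {
            if ($this->writeDevLog) {
                \TYPO3\CMS\Core\Utility\GeneralUtility::devLog('No usergroups found.', 'TYPO3\\CMS\\Sv\\AuthenticationService', 2);
            }
        }
    } elseif ($this->mode == 'getGroupsBE') {
        // Intentionally empty: no groups are resolved in this mode.
    }
    return $groupDataArr;
}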
192 
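/**
 * Adds the uids of the given frontend groups, and recursively of their sub
 * groups, to $groups.
 *
 * Groups locked to another domain and, unless showHiddenRecords is set, hidden
 * groups are excluded by the query and are therefore not followed either.
 *
 * @param string $grList Comma separated list of fe_groups uids to resolve
 * @param string $idList Comma separated list of uids already processed higher up in the recursion
 * @param array $groups Collected group uids, extended in place
 * @return void
 */
public function getSubGroups($grList, $idList = '', &$groups) {
    // $grList ends up inside the SQL IN() clause. On the first call it is the raw
    // value of the user's group column, so it is reduced to integers before use.
    $requestedUids = \TYPO3\CMS\Core\Utility\GeneralUtility::intExplode(',', $grList);
    $grList = implode(',', $requestedUids);
    // Fetching records of the groups in $grList (which are not blocked by lockedToDomain either):
    $lockToDomain_SQL =
        ' AND ('
        . 'lockToDomain=\'\''
        . ' OR lockToDomain IS NULL'
        . ' OR lockToDomain=' . $GLOBALS['TYPO3_DB']->fullQuoteStr($this->authInfo['HTTP_HOST'], 'fe_groups')
        . ')';
    // Initialised up front: the variable was previously undefined whenever
    // showHiddenRecords was set.
    $hiddenP = '';
    if (!$this->authInfo['showHiddenRecords']) {
        $hiddenP = 'AND hidden=0 ';
    }
    $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('uid,subgroup', 'fe_groups', 'deleted=0 ' . $hiddenP . ' AND uid IN (' . $grList . ')' . $lockToDomain_SQL);
    // Internal group record storage
    $groupRows = array();
    // The groups array is filled
    while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
        if (!in_array($row['uid'], $groups)) {
            $groups[] = $row['uid'];
        }
        $groupRows[$row['uid']] = $row;
    }
    // All rows are copied, so the result can be released before recursing.
    if ($res) {
        $GLOBALS['TYPO3_DB']->sql_free_result($res);
    }
    // Traversing records in the order given by $grList
    foreach ($requestedUids as $uid) {
        // Groups filtered out by the query (deleted, hidden, other domain) have no row.
        if (!isset($groupRows[$uid])) {
            continue;
        }
        $row = $groupRows[$uid];
        // Must be an array and $uid should not be in the idList, because then it is somewhere previously in the grouplist
        if (is_array($row) && !\TYPO3\CMS\Core\Utility\GeneralUtility::inList($idList, $uid)) {
            // Include sub groups
            if (trim($row['subgroup'])) {
                // Make integer list
                $theList = implode(',', \TYPO3\CMS\Core\Utility\GeneralUtility::intExplode(',', $row['subgroup']));
                // Call recursively, pass along list of already processed groups so they are not recursed again.
                $this->getSubGroups($theList, $idList . ',' . $uid, $groups);
            }
        }
    }
}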
244 
245 }