TYPO3 CMS  TYPO3_7-6
Public Member Functions | Public Attributes | Protected Member Functions | Protected Attributes | List of all members
TYPO3\CMS\Core\Authentication\AbstractUserAuthentication Class Reference
Inheritance diagram for TYPO3\CMS\Core\Authentication\AbstractUserAuthentication:
TYPO3\CMS\Core\Authentication\BackendUserAuthentication TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication TYPO3\CMS\Backend\FrontendBackendUserAuthentication

Public Member Functions

 __construct ()
 
 start ()
 
 isSetSessionCookie ()
 
 isRefreshTimeBasedCookie ()
 
 checkAuthentication ()
 
 createSessionId ()
 
 createUserSession ($tempuser)
 
 getNewSessionRecord ($tempuser)
 
 fetchUserSession ($skipSessionUpdate=false)
 
 logoff ()
 
 removeCookie ($cookieName)
 
 isExistingSessionRecord ($id)
 
 isCookieSet ()
 
 veriCode ()
 
 writeUC ($variable='')
 
 unpack_uc ($theUC='')
 
 pushModuleData ($module, $data, $noSave=0)
 
 getModuleData ($module, $type='')
 
 getSessionData ($key)
 
 setAndSaveSessionData ($key, $data)
 
 getLoginFormData ()
 
 processLoginData ($loginData, $passwordTransmissionStrategy='')
 
 getAuthInfoArray ()
 
 compareUident ($user, $loginData, $passwordCompareStrategy='')
 
 gc ()
 
 writelog ($type, $action, $error, $details_nr, $details, $data, $tablename, $recuid, $recpid)
 
 checkLogFailures ($email, $secondsBack, $maxFailures)
 
 setBeUserByUid ($uid)
 
 setBeUserByName ($name)
 
 getRawUserByUid ($uid)
 
 getRawUserByName ($name)
 
 fetchUserRecord ($dbUser, $username, $extraWhere='')
 

Public Attributes

 $session_table = ''
 
 $name = ''
 
 $get_name = ''
 
 $user_table = ''
 
 $usergroup_table = ''
 
 $username_column = ''
 
 $userident_column = ''
 
 $userid_column = ''
 
 $usergroup_column = ''
 
 $lastLogin_column = ''
 
 $enablecolumns
 
 $showHiddenRecords = false
 
 $formfield_uname = ''
 
 $formfield_uident = ''
 
 $formfield_status = ''
 
 $auth_timeout_field = 0
 
 $lifetime = 0
 
 $gc_time = 0
 
 $gc_probability = 1
 
 $writeStdLog = false
 
 $writeAttemptLog = false
 
 $sendNoCacheHeaders = true
 
 $getFallBack = false
 
 $hash_length = 32
 
 $getMethodEnabled = false
 
 $lockIP = 4
 
 $lockHashKeyWords = 'useragent'
 
 $warningEmail = ''
 
 $warningPeriod = 3600
 
 $warningMax = 3
 
 $checkPid = true
 
 $checkPid_value = 0
 
 $id
 
 $loginFailure = false
 
 $loginSessionStarted = false
 
 $user = null
 
 $get_URL_ID = ''
 
 $newSessionID = false
 
 $forceSetCookie = false
 
 $dontSetCookie = false
 
 $loginType = ''
 
 $svConfig = []
 
 $writeDevLog = false
 
 $uc
 

Protected Member Functions

 setSessionCookie ()
 
 getCookieDomain ()
 
 getCookie ($cookieName)
 
 regenerateSessionId ()
 
 fetchUserSessionFromDB ()
 
 user_where_clause ()
 
 ipLockClause ()
 
 ipLockClause_remoteIPNumber ($parts)
 
 hashLockClause ()
 
 hashLockClause_getHashInt ()
 
 getDatabaseConnection ()
 

Protected Attributes

 $cookieWasSetOnCurrentRequest = false
 
 $db = null
 

Detailed Description

Authentication of users in TYPO3

This class is used to authenticate a login user. The class is used by both the frontend and backend. In both cases this class is a parent class to BackendUserAuthentication and FrontenUserAuthentication

See Inside TYPO3 for more information about the API of the class and internal variables.

Definition at line 29 of file AbstractUserAuthentication.php.

Constructor & Destructor Documentation

◆ __construct()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::__construct ( )

Initialize some important variables

Definition at line 333 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getDatabaseConnection().

Member Function Documentation

◆ checkAuthentication()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::checkAuthentication ( )

Checks if a submission of username and password is present or use other authentication by auth services

Exceptions

Definition at line 555 of file AbstractUserAuthentication.php.

References $GLOBALS, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$loginType, TYPO3\CMS\Core\Utility\GeneralUtility\_GP(), TYPO3\CMS\Core\Utility\GeneralUtility\arrayToLogString(), TYPO3\CMS\Core\Utility\GeneralUtility\callUserFunction(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkLogFailures(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\createUserSession(), TYPO3\CMS\Core\Utility\GeneralUtility\devLog(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\fetchUserSession(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthInfoArray(), TYPO3\CMS\Core\Utility\GeneralUtility\getIndpEnv(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getLoginFormData(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\logoff(), TYPO3\CMS\Core\Utility\GeneralUtility\makeInstanceService(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\regenerateSessionId(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\writelog().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\start().

◆ checkLogFailures()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::checkLogFailures (   $email,
  $secondsBack,
  $maxFailures 
)

DUMMY: Check login failures (in some extension classes)

Parameters
string$emailEmail address
int$secondsBackNumber of sections back in time to check. This is a kind of limit for how many failures an hour for instance
int$maxFailuresMax allowed failures before a warning mail is sent
Returns
void

Definition at line 1426 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication(), and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\simplelog().

◆ compareUident()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::compareUident (   $user,
  $loginData,
  $passwordCompareStrategy = '' 
)

Check the login data with the user record data for builtin login methods

Parameters
array$userUser data array
array$loginDataLogin data array
string$passwordCompareStrategyAlternative passwordCompareStrategy. Used when authentication services wants to override the default.
Returns
bool TRUE if login data matched

Definition at line 1383 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$user, and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$userident_column.

◆ createSessionId()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::createSessionId ( )

Creates a new session ID.

Returns
string The new session ID

Definition at line 790 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Utility\GeneralUtility\getRandomHexString().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\regenerateSessionId(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\start().

◆ createUserSession()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::createUserSession (   $tempuser)

Creates a user session record and returns its values.

Parameters
array$tempuserUser data array
Returns
array The session data for the newly created session.

Definition at line 827 of file AbstractUserAuthentication.php.

References $GLOBALS, TYPO3\CMS\Core\Utility\GeneralUtility\devLog(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getNewSessionRecord(), and TYPO3\CMS\Core\Utility\GeneralUtility\SYSLOG_SEVERITY_WARNING.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication().

◆ fetchUserRecord()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::fetchUserRecord (   $dbUser,
  $username,
  $extraWhere = '' 
)

Get a user from DB by username provided for usage from services

Parameters
array$dbUserUser db table definition: $this->db_user
string$usernameuser name
string$extraWhereAdditional WHERE clause: " AND ...
Returns
mixed User array or FALSE

Definition at line 1512 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$user.

◆ fetchUserSession()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::fetchUserSession (   $skipSessionUpdate = false)

Read the user session from db.

Parameters
bool$skipSessionUpdate
Returns
array User session data

Definition at line 891 of file AbstractUserAuthentication.php.

References $GLOBALS, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$user, TYPO3\CMS\Core\Utility\GeneralUtility\devLog(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\fetchUserSessionFromDB(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\logoff().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication().

◆ fetchUserSessionFromDB()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::fetchUserSessionFromDB ( )
protected

The session_id is used to find user in the database. Two tables are joined: The session-table with user_id of the session and the usertable with its primary key if the client is flash (e.g. from a flash application inside TYPO3 that does a server request) then don't evaluate with the hashLockClause, as the client/browser is included in this hash and thus, the flash request would be rejected

Returns
private

Definition at line 1027 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\hashLockClause(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\ipLockClause(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\user_where_clause().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\fetchUserSession().

◆ gc()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::gc ( )

Garbage collector, removing old expired sessions.

Returns
void

Definition at line 1394 of file AbstractUserAuthentication.php.

References $GLOBALS.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\start().

◆ getAuthInfoArray()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getAuthInfoArray ( )

Returns an info array which provides additional information for auth services

Returns
array

Definition at line 1347 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$checkPid_value, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$loginType, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$showHiddenRecords, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$user_table, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$usergroup_column, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$usergroup_table, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$userid_column, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$userident_column, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$username_column, TYPO3\CMS\Core\Utility\GeneralUtility\getIndpEnv(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\user_where_clause().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication(), TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\fetchGroupData(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\processLoginData().

◆ getCookie()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getCookie (   $cookieName)
protected

Get the value of a specified cookie.

Parameters
string$cookieNameThe cookie ID
Returns
string The value stored in the cookie

Definition at line 521 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\isCookieSet(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\start().

◆ getCookieDomain()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getCookieDomain ( )
protected

Gets the domain to be used on setting cookies. The information is taken from the value in $GLOBALS['TYPO3_CONF_VARS']['SYS']['cookieDomain'].

Returns
string The domain to be used on setting cookies

Definition at line 490 of file AbstractUserAuthentication.php.

References $GLOBALS, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$loginType, TYPO3\CMS\Core\Utility\GeneralUtility\getIndpEnv(), and TYPO3\CMS\Core\Utility\GeneralUtility\SYSLOG_SEVERITY_ERROR.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\removeCookie(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setSessionCookie().

◆ getDatabaseConnection()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getDatabaseConnection ( )
protected

Get global database connection

Returns
DatabaseConnection

Definition at line 1531 of file AbstractUserAuthentication.php.

References $GLOBALS.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\__construct().

◆ getLoginFormData()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getLoginFormData ( )

Returns an info array with Login/Logout data submitted by a form or params

Returns
array

Definition at line 1278 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Utility\GeneralUtility\_GP(), TYPO3\CMS\Core\Utility\GeneralUtility\_POST(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\processLoginData().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication().

◆ getModuleData()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getModuleData (   $module,
  $type = '' 
)

Gets module data for a module (from a loaded ->uc array)

Parameters
string$moduleIs the name of the module ($MCONF['name'])
string$typeIf $type = 'ses' then module data is returned only if it was stored in the current session, otherwise data from a previous session will be returned (if available).
Returns
mixed The module data if available: $this->uc['moduleData'][$module];

Definition at line 1227 of file AbstractUserAuthentication.php.

◆ getNewSessionRecord()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getNewSessionRecord (   $tempuser)

Returns a new session record for the current user for insertion into the DB. This function is mainly there as a wrapper for inheriting classes to override it.

Parameters
array$tempuser
Returns
array User session record

Definition at line 867 of file AbstractUserAuthentication.php.

References $GLOBALS, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$id, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$name, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$userid_column, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\hashLockClause_getHashInt(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\ipLockClause_remoteIPNumber().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\createUserSession().

◆ getRawUserByName()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getRawUserByName (   $name)

Fetching raw user record with username=$name

Parameters
string$nameThe username to look up.
Returns
array user record or FALSE
See also
::getUserByUid()

Definition at line 1487 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$name, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$user, and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\user_where_clause().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setBeUserByName().

◆ getRawUserByUid()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getRawUserByUid (   $uid)

Fetching raw user record with uid=$uid

Parameters
int$uidThe UID of the backend user to set in ->user
Returns
array user record or FALSE

Definition at line 1468 of file AbstractUserAuthentication.php.

References $uid, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$user, and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\user_where_clause().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setBeUserByUid().

◆ getSessionData()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getSessionData (   $key)

Returns the session data stored for $key. The data will last only for this login session since it is stored in the session table.

Parameters
string$keyPointer to an associative key in the session data array which is stored serialized in the field "ses_data" of the session table.
Returns
mixed

Definition at line 1242 of file AbstractUserAuthentication.php.

◆ hashLockClause()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::hashLockClause ( )
protected

This returns the where-clause needed to lock a user to a hash integer

Returns
string private

Definition at line 1138 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\hashLockClause_getHashInt().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\fetchUserSessionFromDB().

◆ hashLockClause_getHashInt()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::hashLockClause_getHashInt ( )
protected

Creates hash integer to lock user to. Depends on configured keywords

Returns
int Hash integer private

Definition at line 1149 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Utility\GeneralUtility\getIndpEnv(), TYPO3\CMS\Core\Utility\GeneralUtility\inList(), and TYPO3\CMS\Core\Utility\GeneralUtility\md5int().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getNewSessionRecord(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\hashLockClause().

◆ ipLockClause()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::ipLockClause ( )
protected

This returns the where prepared statement-clause needed to lock a user to the IP address

Returns
array private

Definition at line 1080 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\ipLockClause_remoteIPNumber().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\fetchUserSessionFromDB().

◆ ipLockClause_remoteIPNumber()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::ipLockClause_remoteIPNumber (   $parts)
protected

Returns the IP address to lock to. The IP address may be partial based on $parts.

Parameters
int$parts1-4: Indicates how many parts of the IP address to return. 4 means all, 1 means only first number.
Returns
string (Partial) IP address for REMOTE_ADDR

Definition at line 1105 of file AbstractUserAuthentication.php.

References $a, TYPO3\CMS\Core\Utility\MathUtility\forceIntegerInRange(), and TYPO3\CMS\Core\Utility\GeneralUtility\getIndpEnv().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getNewSessionRecord(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\ipLockClause().

◆ isCookieSet()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::isCookieSet ( )

Returns whether this request is going to set a cookie or a cookie was already found in the system

Returns
bool Returns TRUE if a cookie is set

Definition at line 1007 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getCookie().

Referenced by TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\logoff(), TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\record_registration(), and TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\storeSessionData().

◆ isExistingSessionRecord()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::isExistingSessionRecord (   $id)

Determine whether there's an according session record to a given session_id in the database. Don't care if session record is still valid or not.

Parameters
int$idClaimed Session ID
Returns
bool Returns TRUE if a corresponding session was found in the database

Definition at line 992 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$id.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\start().

◆ isRefreshTimeBasedCookie()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::isRefreshTimeBasedCookie ( )

Determine whether a non-session cookie needs to be set (lifetime>0)

Returns
bool

Definition at line 543 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setSessionCookie().

◆ isSetSessionCookie()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::isSetSessionCookie ( )

Determine whether a session cookie needs to be set (lifetime=0)

Returns
bool

Definition at line 532 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setSessionCookie().

◆ logoff()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::logoff ( )

Log out current user! Removes the current session record, sets the internal ->user array to a blank string; Thereby the current user (if any) is effectively logged out!

Returns
void

Definition at line 941 of file AbstractUserAuthentication.php.

References $GLOBALS, TYPO3\CMS\Core\Utility\GeneralUtility\callUserFunction(), TYPO3\CMS\Core\Utility\GeneralUtility\devLog(), and TYPO3\CMS\Backend\Utility\BackendUtility\lockRecords().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\fetchUserSession().

◆ processLoginData()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::processLoginData (   $loginData,
  $passwordTransmissionStrategy = '' 
)

Processes Login data submitted by a form or params depending on the passwordTransmissionStrategy

Parameters
array$loginDataLogin data array
string$passwordTransmissionStrategyAlternative passwordTransmissionStrategy. Used when authentication services wants to override the default.
Returns
array

Definition at line 1306 of file AbstractUserAuthentication.php.

References $GLOBALS, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$loginType, TYPO3\CMS\Core\Utility\GeneralUtility\arrayToLogString(), TYPO3\CMS\Core\Utility\GeneralUtility\devLog(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthInfoArray(), and TYPO3\CMS\Core\Utility\GeneralUtility\makeInstanceService().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getLoginFormData().

◆ pushModuleData()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::pushModuleData (   $module,
  $data,
  $noSave = 0 
)

Stores data for a module. The data is stored with the session id so you can even check upon retrieval if the module data is from a previous session or from the current session.

Parameters
string$moduleIs the name of the module ($MCONF['name'])
mixed$dataIs the data you want to store for that module (array, string, ...)
bool | int$noSaveIf $noSave is set, then the ->uc array (which carries all kinds of user data) is NOT written immediately, but must be written by some subsequent call.
Returns
void

Definition at line 1211 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$id, and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\writeUC().

◆ regenerateSessionId()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::regenerateSessionId ( )
protected

Regenerate the session ID and transfer the session to new ID Call this method whenever a user proceeds to a higher authorization level e.g. when an anonymous session is now authenticated.

Definition at line 800 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$id, and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\createSessionId().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication().

◆ removeCookie()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::removeCookie (   $cookieName)

Empty / unset the cookie

Parameters
string$cookieNameusually, this is $this->name
Returns
void

Definition at line 977 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getCookieDomain(), and TYPO3\CMS\Core\Utility\GeneralUtility\getIndpEnv().

Referenced by TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\logoff(), and TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\storeSessionData().

◆ setAndSaveSessionData()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::setAndSaveSessionData (   $key,
  $data 
)

Sets the session data ($data) for $key and writes all session data (from ->user['ses_data']) to the database. The data will last only for this login session since it is stored in the session table.

Parameters
string$keyPointer to an associative key in the session data array which is stored serialized in the field "ses_data" of the session table.
mixed$dataThe variable to store in index $key
Returns
void

Definition at line 1256 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Utility\GeneralUtility\devLog().

◆ setBeUserByName()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::setBeUserByName (   $name)

Raw initialization of the be_user with username=$name

Parameters
string$nameThe username to look up.
Returns
void
See also
::setBeUserByUid()

Definition at line 1456 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$name, and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getRawUserByName().

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\checkCLIuser().

◆ setBeUserByUid()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::setBeUserByUid (   $uid)

Raw initialization of the be_user with uid=$uid This will circumvent all login procedures and select a be_users record from the database and set the content of ->user to the record selected. Thus the BE_USER object will appear like if a user was authenticated - however without a session id and the fields from the session table of course. Will check the users for disabled, start/endtime, etc. ($this->user_where_clause())

Parameters
int$uidThe UID of the backend user to set in ->user
Returns
void

Definition at line 1443 of file AbstractUserAuthentication.php.

References $uid, and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getRawUserByUid().

◆ setSessionCookie()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::setSessionCookie ( )
protected

Sets the session cookie for the current disposal.

Returns
void
Exceptions

Definition at line 454 of file AbstractUserAuthentication.php.

References $GLOBALS, TYPO3\CMS\Core\Utility\GeneralUtility\devLog(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getCookieDomain(), TYPO3\CMS\Core\Utility\GeneralUtility\getIndpEnv(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\isRefreshTimeBasedCookie(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\isSetSessionCookie().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\start(), and TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\storeSessionData().

◆ start()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::start ( )

Starts a user session Typical configurations will: a) check if session cookie was set and if not, set one, b) check if a password/username was sent and if so, try to authenticate the user c) Lookup a session attached to a user and check timeout etc. d) Garbage collection, setting of no-cache headers. If a user is authenticated the database record of the user (array) will be set in the ->user internal variable.

Exceptions

Definition at line 350 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$auth_timeout_field, $GLOBALS, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$id, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$loginType, TYPO3\CMS\Core\Utility\GeneralUtility\_GET(), TYPO3\CMS\Core\Utility\GeneralUtility\callUserFunction(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication(), TYPO3\CMS\Core\Utility\GeneralUtility\clientInfo(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\createSessionId(), TYPO3\CMS\Core\Utility\GeneralUtility\devLog(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\gc(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getCookie(), TYPO3\CMS\Core\Utility\GeneralUtility\getIndpEnv(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\isExistingSessionRecord(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setSessionCookie().

◆ unpack_uc()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::unpack_uc (   $theUC = '')

Sets $theUC as the internal variable ->uc IF $theUC is an array. If $theUC is FALSE, the 'uc' content from the ->user array will be unserialized and restored in ->uc

Parameters
mixed$theUCIf an array, then set as ->uc, otherwise load from user record
Returns
void

Definition at line 1191 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\backendSetUC().

◆ user_where_clause()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::user_where_clause ( )
protected

This returns the where-clause needed to select the user with respect flags like deleted, hidden, starttime, endtime

Returns
string private

Definition at line 1052 of file AbstractUserAuthentication.php.

References $GLOBALS.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\fetchUserSessionFromDB(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthInfoArray(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getRawUserByName(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getRawUserByUid().

◆ veriCode()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::veriCode ( )

VeriCode returns 10 first chars of a md5 hash of the session cookie AND the encryptionKey from TYPO3_CONF_VARS. This code is used as an alternative verification when the JavaScript interface executes cmd's to tce_db.php from eg. MSIE 5.0 because the proper referer is not passed with this browser...

Returns
string

Definition at line 1127 of file AbstractUserAuthentication.php.

References $GLOBALS.

◆ writelog()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::writelog (   $type,
  $action,
  $error,
  $details_nr,
  $details,
  $data,
  $tablename,
  $recuid,
  $recpid 
)

DUMMY: Writes to log database table (in some extension classes)

Parameters
int$typedenotes which module that has submitted the entry. This is the current list: 1=tce_db; 2=tce_file; 3=system (eg. sys_history save); 4=modules; 254=Personal settings changed; 255=login / out action: 1=login, 2=logout, 3=failed login (+ errorcode 3), 4=failure_warning_email sent
int$actiondenotes which specific operation that wrote the entry (eg. 'delete', 'upload', 'update' and so on...). Specific for each $type. Also used to trigger update of the interface. (see the log-module for the meaning of each number !!)
int$errorflag. 0 = message, 1 = error (user problem), 2 = System Error (which should not happen), 3 = security notice (admin)
int$details_nrThe message number. Specific for each $type and $action. in the future this will make it possible to translate errormessages to other languages
string$detailsDefault text that follows the message
array$dataData that follows the log. Might be used to carry special information. If an array the first 5 entries (0-4) will be sprintf'ed the details-text...
string$tablenameSpecial field used by tce_main.php. These ($tablename, $recuid, $recpid) holds the reference to the record which the log-entry is about. (Was used in attic status.php to update the interface.)
int$recuidSpecial field used by tce_main.php. These ($tablename, $recuid, $recpid) holds the reference to the record which the log-entry is about. (Was used in attic status.php to update the interface.)
int$recpidSpecial field used by tce_main.php. These ($tablename, $recuid, $recpid) holds the reference to the record which the log-entry is about. (Was used in attic status.php to update the interface.)
Returns
void

Definition at line 1413 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication().

◆ writeUC()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::writeUC (   $variable = '')

This writes $variable to the user-record. This is a way of providing session-data. You can fetch the data again through $this->uc in this class! If $variable is not an array, $this->uc is saved!

Parameters
array | string$variableAn array you want to store for the user as session data. If $variable is not supplied (is blank string), the internal variable, ->uc, is stored by default
Returns
void

Definition at line 1171 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$uc, and TYPO3\CMS\Core\Utility\GeneralUtility\devLog().

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\backendSetUC(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\pushModuleData(), and TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\storeSessionData().

Member Data Documentation

◆ $auth_timeout_field

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$auth_timeout_field = 0

Definition at line 134 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\start().

◆ $checkPid

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$checkPid = true

Definition at line 238 of file AbstractUserAuthentication.php.

◆ $checkPid_value

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$checkPid_value = 0

Definition at line 244 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthInfoArray().

◆ $cookieWasSetOnCurrentRequest

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$cookieWasSetOnCurrentRequest = false
protected

Definition at line 300 of file AbstractUserAuthentication.php.

◆ $db

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$db = null
protected

Definition at line 328 of file AbstractUserAuthentication.php.

◆ $dontSetCookie

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$dontSetCookie = false

Definition at line 295 of file AbstractUserAuthentication.php.

◆ $enablecolumns

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$enablecolumns
Initial value:
= [
'rootLevel' => ''

Definition at line 95 of file AbstractUserAuthentication.php.

◆ $forceSetCookie

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$forceSetCookie = false

Definition at line 289 of file AbstractUserAuthentication.php.

◆ $formfield_status

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$formfield_status = ''

Definition at line 125 of file AbstractUserAuthentication.php.

◆ $formfield_uident

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$formfield_uident = ''

Definition at line 119 of file AbstractUserAuthentication.php.

◆ $formfield_uname

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$formfield_uname = ''

Definition at line 113 of file AbstractUserAuthentication.php.

◆ $gc_probability

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$gc_probability = 1

Definition at line 157 of file AbstractUserAuthentication.php.

◆ $gc_time

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$gc_time = 0

Definition at line 151 of file AbstractUserAuthentication.php.

◆ $get_name

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$get_name = ''

Definition at line 47 of file AbstractUserAuthentication.php.

◆ $get_URL_ID

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$get_URL_ID = ''

Definition at line 277 of file AbstractUserAuthentication.php.

◆ $getFallBack

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$getFallBack = false

Definition at line 183 of file AbstractUserAuthentication.php.

◆ $getMethodEnabled

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$getMethodEnabled = false

Definition at line 200 of file AbstractUserAuthentication.php.

◆ $hash_length

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$hash_length = 32

Definition at line 193 of file AbstractUserAuthentication.php.

◆ $id

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$id

Definition at line 251 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Backend\FrontendBackendUserAuthentication\extGetTreeList(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getNewSessionRecord(), TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\isExistingSessionRecord(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\isExistingSessionRecord(), TYPO3\CMS\Core\Authentication\BackendUserAuthentication\isInWebMount(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\pushModuleData(), TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\regenerateSessionId(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\regenerateSessionId(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\start(), TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\storeSessionData(), and TYPO3\CMS\Core\Authentication\BackendUserAuthentication\workspaceAllowAutoCreation().

◆ $lastLogin_column

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$lastLogin_column = ''

Definition at line 89 of file AbstractUserAuthentication.php.

◆ $lifetime

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$lifetime = 0

Definition at line 143 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\start().

◆ $lockHashKeyWords

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$lockHashKeyWords = 'useragent'

Definition at line 215 of file AbstractUserAuthentication.php.

◆ $lockIP

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$lockIP = 4

Definition at line 207 of file AbstractUserAuthentication.php.

◆ $loginFailure

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$loginFailure = false

Definition at line 257 of file AbstractUserAuthentication.php.

◆ $loginSessionStarted

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$loginSessionStarted = false

Definition at line 263 of file AbstractUserAuthentication.php.

◆ $loginType

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$loginType = ''

Definition at line 306 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication(), TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\fetchGroupData(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthInfoArray(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getCookieDomain(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\processLoginData(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\start().

◆ $name

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$name = ''

Definition at line 41 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getNewSessionRecord(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getRawUserByName(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setBeUserByName().

◆ $newSessionID

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$newSessionID = false

Definition at line 283 of file AbstractUserAuthentication.php.

◆ $sendNoCacheHeaders

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$sendNoCacheHeaders = true

Definition at line 175 of file AbstractUserAuthentication.php.

◆ $session_table

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$session_table = ''

Definition at line 35 of file AbstractUserAuthentication.php.

◆ $showHiddenRecords

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$showHiddenRecords = false

Definition at line 107 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthInfoArray().

◆ $svConfig

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$svConfig = []

Definition at line 312 of file AbstractUserAuthentication.php.

◆ $uc

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$uc

Definition at line 323 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\writeUC().

◆ $user

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$user = null

Definition at line 269 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\compareUident(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\fetchUserRecord(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\fetchUserSession(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getRawUserByName(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getRawUserByUid().

◆ $user_table

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$user_table = ''

Definition at line 53 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthInfoArray().

◆ $usergroup_column

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$usergroup_column = ''

Definition at line 83 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthInfoArray().

◆ $usergroup_table

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$usergroup_table = ''

Definition at line 59 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthInfoArray().

◆ $userid_column

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$userid_column = ''

Definition at line 77 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthInfoArray(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getNewSessionRecord().

◆ $userident_column

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$userident_column = ''

Definition at line 71 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\compareUident(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthInfoArray().

◆ $username_column

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$username_column = ''

Definition at line 65 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthInfoArray().

◆ $warningEmail

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$warningEmail = ''

Definition at line 220 of file AbstractUserAuthentication.php.

◆ $warningMax

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$warningMax = 3

Definition at line 232 of file AbstractUserAuthentication.php.

◆ $warningPeriod

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$warningPeriod = 3600

Definition at line 226 of file AbstractUserAuthentication.php.

◆ $writeAttemptLog

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$writeAttemptLog = false

Definition at line 169 of file AbstractUserAuthentication.php.

◆ $writeDevLog

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$writeDevLog = false

Definition at line 318 of file AbstractUserAuthentication.php.

◆ $writeStdLog

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$writeStdLog = false

Definition at line 163 of file AbstractUserAuthentication.php.