‪TYPO3CMS  ‪main
TYPO3\CMS\Core\Authentication\AbstractUserAuthentication Class Reference
Inheritance diagram for TYPO3\CMS\Core\Authentication\AbstractUserAuthentication:
TYPO3\CMS\Core\Authentication\BackendUserAuthentication TYPO3\CMS\Core\Tests\Functional\Authentication\Fixtures\AnyUserAuthentication TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication TYPO3\CMS\Backend\FrontendBackendUserAuthentication TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication TYPO3\CMS\Reactions\Authentication\ReactionUserAuthentication TYPO3\CMS\Workspaces\Authentication\PreviewUserAuthentication

Public Member Functions

 __construct ()
 
 initializeUserSessionManager (?UserSessionManager $userSessionManager=null)
 
 start (ServerRequestInterface $request)
 
 appendCookieToResponse (ResponseInterface $response, ?NormalizedParams $normalizedParams=null)
 
 checkAuthentication (ServerRequestInterface $request)
 
 isMfaSetupRequired ()
 
UserSession createUserSession (array $userRecordCandidate)
 
 enforceNewSessionId ()
 
 logoff ()
 
 removeCookie ($cookieName=null)
 
 writeUC ()
 
 pushModuleData (string $module, mixed $data, bool $dontPersistImmediately=false)
 
mixed getModuleData (string $module, string $type='')
 
mixed getSessionData ($key)
 
 setSessionData ($key, $data)
 
 setAndSaveSessionData ($key, $data)
 
array getLoginFormData (ServerRequestInterface $request)
 
 isActiveLogin (ServerRequestInterface $request)
 
array processLoginData (array $loginData, ServerRequestInterface $request)
 
array getAuthInfoArray (ServerRequestInterface $request)
 
 writelog ($type, $action, $error, $details_nr, $details, $data, $tablename, $recuid, $recpid)
 
 setBeUserByUid ($uid)
 
 setBeUserByName ($name)
 
array getRawUserByUid ($uid)
 
array getRawUserByName ($name)
 
 getSession ()
 

Public Attributes

string $name = ''
 
string $user_table = ''
 
string $usergroup_table = ''
 
string $username_column = ''
 
string $userident_column = ''
 
string $userid_column = ''
 
string $usergroup_column = ''
 
array $enablecolumns
 
bool $writeStdLog = false
 
bool $writeAttemptLog = false
 
bool $checkPid = true
 
int string null $checkPid_value = 0
 
array null $user
 
array $userGroups = []
 
string $loginType = ''
 
array $uc = []
 

Protected Member Functions

 setSessionCookie ()
 
 shallSetSessionCookie ()
 
bool isSetSessionCookie ()
 
bool isRefreshTimeBasedCookie ()
 
 getAuthServiceConfiguration ()
 
 fetchPossibleUsers (array $loginData, bool $activeLogin, bool $isExistingSession, ?array $authenticatedUserFromSession, ServerRequestInterface $request)
 
 evaluateMfaRequirements ()
 
Traversable getAuthServices (string $subType, array $loginData, ?array $authenticatedUserFromSession, ServerRequestInterface $request)
 
 regenerateSessionId ()
 
 updateLoginTimestamp (int $userId)
 
 fetchValidUserFromSessionOrDestroySession (bool $skipSessionUpdate=false)
 
 performLogoff ()
 
bool isCookieSet ()
 
 userConstraints ()
 
 unpack_uc ()
 
mixed removeSensitiveLoginDataForLoggingInfo ($data, bool $isUserRecord=false)
 

Protected Attributes

string $lastLogin_column = ''
 
string $formfield_uname = ''
 
string $formfield_uident = ''
 
string $formfield_status = ''
 
bool $loginSessionStarted = false
 
bool $dontSetCookie = false
 
UserSession $userSession = null
 
UserSessionManager $userSessionManager
 
SetCookieBehavior $setCookie = SetCookieBehavior::None
 

Detailed Description

Authentication of users in TYPO3

This class is used to authenticate a login user. The class is used by both the frontend and backend. In both cases this class is a parent class to BackendUserAuthentication and FrontendUserAuthentication

Definition at line 63 of file AbstractUserAuthentication.php.

Constructor & Destructor Documentation

◆ __construct()

Member Function Documentation

◆ appendCookieToResponse()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::appendCookieToResponse ( ResponseInterface  $response,
?NormalizedParams  $normalizedParams = null 
)

◆ checkAuthentication()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::checkAuthentication ( ServerRequestInterface  $request)

Checks if a submission of username and password is present or use other authentication by auth services

Exceptions
MfaRequiredException

Reimplemented in TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication, and TYPO3\CMS\Reactions\Authentication\ReactionUserAuthentication.

Definition at line 356 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Webhooks\Message\$loginData, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$loginType, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\createUserSession(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\evaluateMfaRequirements(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\fetchPossibleUsers(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\fetchValidUserFromSessionOrDestroySession(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthServiceConfiguration(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthServices(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getLoginFormData(), TYPO3\CMS\Core\Security\RequestToken\getSigningSecretIdentifier(), TYPO3\CMS\Core\Core\Environment\isCli(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\logoff(), TYPO3\CMS\Core\Authentication\LOGOUT, TYPO3\CMS\Core\Authentication\MimicServiceInterface\mimicAuthUser(), TYPO3\CMS\Core\Context\SecurityAspect\provideIn(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\regenerateSessionId(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\removeSensitiveLoginDataForLoggingInfo(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\unpack_uc(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\writelog().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\start().

◆ createUserSession()

UserSession TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::createUserSession ( array  $userRecordCandidate)

Creates a user session record and returns its values.

Parameters
array$userRecordCandidate‪User data array
Returns
‪UserSession The session data for the newly created session.

Reimplemented in TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication.

Definition at line 726 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\initializeUserSessionManager(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\updateLoginTimestamp().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication().

◆ enforceNewSessionId()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::enforceNewSessionId ( )

◆ evaluateMfaRequirements()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::evaluateMfaRequirements ( )
protected

This method checks if the user is authenticated but has not succeeded in passing his MFA challenge. This method can therefore only be used if a user has been authenticated against his first authentication method (username+password or any other authentication token).

Exceptions
MfaRequiredException

Reimplemented in TYPO3\CMS\Core\Authentication\BackendUserAuthentication.

Definition at line 650 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getSessionData().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication().

◆ fetchPossibleUsers()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::fetchPossibleUsers ( array  $loginData,
bool  $activeLogin,
bool  $isExistingSession,
?array  $authenticatedUserFromSession,
ServerRequestInterface  $request 
)
protected

Loads users from various sources (= authentication services) as an array of arrays.

Parameters
array | null$authenticatedUserFromSession‪if we have a user from an existing session, this is set here, otherwise null

Definition at line 599 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Webhooks\Message\$loginData, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$loginType, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthServiceConfiguration(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthServices().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication().

◆ fetchValidUserFromSessionOrDestroySession()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::fetchValidUserFromSessionOrDestroySession ( bool  $skipSessionUpdate = false)
protected

If the session is bound to a user, this method fetches the user record, and returns it. If the session has a timeout, the session date is extended if needed. Also the ìs_online flag is updated for the user.

However, if the session has expired the session is removed and the request is treated as an anonymous session.

Parameters
bool$skipSessionUpdate

Definition at line 764 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getRawUserByUid(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\logoff().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication().

◆ getAuthInfoArray()

◆ getAuthServiceConfiguration()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getAuthServiceConfiguration ( )
protected

"auth" services configuration array from $GLOBALS['TYPO3_CONF_VARS']['SVCONF']['auth']

Definition at line 342 of file AbstractUserAuthentication.php.

References $GLOBALS.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\fetchPossibleUsers().

◆ getAuthServices()

Traversable TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getAuthServices ( string  $subType,
array  $loginData,
?array  $authenticatedUserFromSession,
ServerRequestInterface  $request 
)
protected

Initializes authentication services to be used in a foreach loop

Parameters
string$subType‪e.g. getUserFE
array | null$authenticatedUserFromSession‪the user which was loaded from the session, or null if none was found
Returns
‪\Traversable A generator of service objects

Definition at line 683 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Webhooks\Message\$loginData, and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthInfoArray().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\fetchPossibleUsers(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\processLoginData().

◆ getLoginFormData()

array TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getLoginFormData ( ServerRequestInterface  $request)

◆ getModuleData()

mixed TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getModuleData ( string  $module,
string  $type = '' 
)

Gets module data for a module (from a loaded ->uc array)

Parameters
string$module‪Is the identifier of the module, e.g. "web_info"
string$type‪If $type = 'ses' then module data is returned only if it was stored in the current session, otherwise data from a previous session will be returned (if available).
Returns
‪mixed The module data if available: $this->uc['moduleData'][$module];

Definition at line 980 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Utility\GeneralUtility\hmac().

Referenced by TYPO3\CMS\Dashboard\DashboardInitializationService\loadCurrentDashboard().

◆ getRawUserByName()

array TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getRawUserByName (   $name)

Fetching raw user record with username=$name

Parameters
string$name‪The username to look up.
Returns
‪array user record or FALSE
See also
‪\TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getUserByUid()

Definition at line 1222 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\$name, and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\userConstraints().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setBeUserByName().

◆ getRawUserByUid()

array TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getRawUserByUid (   $uid)

◆ getSession()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getSession ( )

◆ getSessionData()

mixed TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::getSessionData (   $key)

◆ initializeUserSessionManager()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::initializeUserSessionManager ( ?UserSessionManager  $userSessionManager = null)

◆ isActiveLogin()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::isActiveLogin ( ServerRequestInterface  $request)

◆ isCookieSet()

bool TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::isCookieSet ( )
protected

Returns whether this request is going to set a cookie or a cookie was already found in the system

Returns
‪bool Returns TRUE if a cookie is set

Definition at line 855 of file AbstractUserAuthentication.php.

References $GLOBALS, and TYPO3\CMS\Core\Http\SetCookieService\create().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\performLogoff(), and TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\storeSessionData().

◆ isMfaSetupRequired()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::isMfaSetupRequired ( )

Whether the user is required to set up MFA

Reimplemented in TYPO3\CMS\Core\Authentication\BackendUserAuthentication.

Definition at line 671 of file AbstractUserAuthentication.php.

◆ isRefreshTimeBasedCookie()

bool TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::isRefreshTimeBasedCookie ( )
protected

Determine whether a non-session cookie needs to be set (lifetime>0)

Returns
‪bool

Reimplemented in TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication.

Definition at line 334 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Http\SetCookieService\create().

◆ isSetSessionCookie()

bool TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::isSetSessionCookie ( )
protected

Determine whether a session cookie needs to be set (lifetime=0)

Returns
‪bool

Reimplemented in TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication.

Definition at line 323 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Http\SetCookieService\create().

◆ logoff()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::logoff ( )

Log out current user! Removes the current session record, sets the internal ->user array to a blank string; Thereby the current user (if any) is effectively logged out!

Reimplemented in TYPO3\CMS\Core\Authentication\BackendUserAuthentication.

Definition at line 804 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\performLogoff().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\fetchValidUserFromSessionOrDestroySession().

◆ performLogoff()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::performLogoff ( )
protected

Perform the logoff action. Called from logoff() as a way to allow subclasses to override what happens when a user logs off, without needing to reproduce the hook calls and logging that happens in the public logoff() API method.

Definition at line 825 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\isCookieSet(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\removeCookie().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\logoff().

◆ processLoginData()

array TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::processLoginData ( array  $loginData,
ServerRequestInterface  $request 
)

◆ pushModuleData()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::pushModuleData ( string  $module,
mixed  $data,
bool  $dontPersistImmediately = false 
)

Stores data for a module. The data is stored with the session ID, so you can even check upon retrieval if the module data is from a previous session or from the current session.

Parameters
string$module‪Is the identifier of the module, e.g. "web_info"
mixed$data‪Is the data you want to store for that module (array, string, ...)
bool$dontPersistImmediately‪If set, then the ->uc array (which carries all kinds of user data) is NOT written immediately, but must be written by some subsequent call.

Definition at line 960 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Utility\GeneralUtility\hmac(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\writeUC().

Referenced by TYPO3\CMS\Dashboard\DashboardInitializationService\saveCurrentDashboard().

◆ regenerateSessionId()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::regenerateSessionId ( )
protected

Regenerate the session ID and transfer the session to new ID Call this method whenever a user proceeds to a higher authorization level e.g. when an anonymous session is now authenticated.

Reimplemented in TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication.

Definition at line 709 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\enforceNewSessionId().

◆ removeCookie()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::removeCookie (   $cookieName = null)

◆ removeSensitiveLoginDataForLoggingInfo()

mixed TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::removeSensitiveLoginDataForLoggingInfo (   $data,
bool  $isUserRecord = false 
)
protected

Removes any sensitive data from the incoming data (either from loginData, processedLogin data or the user record from the DB).

No type hinting is added because it might be possible that the incoming data is of any other type.

Parameters
mixed | array$data
bool$isUserRecord
Returns
‪mixed

Definition at line 1106 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\processLoginData().

◆ setAndSaveSessionData()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::setAndSaveSessionData (   $key,
  $data 
)

Sets the session data ($data) for $key and writes all session data (from ->user['ses_data']) to the database. The data will last only for this login session since it is stored in the session table.

Parameters
string$key‪Pointer to an associative key in the session data array which is stored serialized in the field "ses_data" of the session table.
mixed$data‪The data to store in index $key

Reimplemented in TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication.

Definition at line 1025 of file AbstractUserAuthentication.php.

◆ setBeUserByName()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::setBeUserByName (   $name)

Raw initialization of the be_user with username=$name

Parameters
string$name‪The username to look up.
See also
‪\TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::setBeUserByUid()

Definition at line 1191 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getRawUserByName().

Referenced by TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication\authenticate().

◆ setBeUserByUid()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::setBeUserByUid (   $uid)

Raw initialization of the be_user with uid=$uid This will circumvent all login procedures and select a be_users record from the database and set the content of ->user to the record selected. Thus the BE_USER object will appear like if a user was authenticated - however without a session id and the fields from the session table of course. Will check the users for disabled, start/endtime, etc. ($this->user_where_clause())

Parameters
int$uid‪The UID of the backend user to set in ->user

Definition at line 1179 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Webhooks\Message\$uid, and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getRawUserByUid().

Referenced by TYPO3\CMS\Reactions\Authentication\ReactionUserAuthentication\setReactionInstruction().

◆ setSessionCookie()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::setSessionCookie ( )
protected

Sets the setCookie directive to "Send", which will then result in appending a new cookie to the PSR-7 response, see appendCookieToResponse(). In case this method is called, the cookie needs to be set later.

Definition at line 302 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\enforceNewSessionId(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\start(), and TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\storeSessionData().

◆ setSessionData()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::setSessionData (   $key,
  $data 
)

Set session data by key. The data will last only for this login session since it is stored in the user session.

Parameters
string$key‪A non empty string to store the data under
mixed$data‪Data store store in session

Definition at line 1013 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\setAndSaveSessionData(), and TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\setKey().

◆ shallSetSessionCookie()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::shallSetSessionCookie ( )
protected

Determines whether setting the session cookie is generally enabled, or the current session is a non-session cookie (FE permalogin).

Definition at line 311 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Http\SetCookieService\create().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\start().

◆ start()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::start ( ServerRequestInterface  $request)

Starts a user session Typical configurations will: a) check if session cookie was set and if not, set one, b) check if a password/username was sent and if so, try to authenticate the user c) Lookup a session attached to a user and check timeout etc. d) Garbage collection, setting of no-cache headers. If a user is authenticated the database record of the user (array) will be set in the ->user internal variable.

Reimplemented in TYPO3\CMS\Core\Authentication\CommandLineUserAuthentication, and TYPO3\CMS\Reactions\Authentication\ReactionUserAuthentication.

Definition at line 234 of file AbstractUserAuthentication.php.

References $GLOBALS, TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\initializeUserSessionManager(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\setSessionCookie(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\shallSetSessionCookie().

◆ unpack_uc()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::unpack_uc ( )
protected

◆ updateLoginTimestamp()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::updateLoginTimestamp ( int  $userId)
protected

◆ userConstraints()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::userConstraints ( )
protected

This returns the restrictions needed to select the user respecting enable columns and flags like deleted, hidden, starttime, endtime and rootLevel

Definition at line 875 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Utility\GeneralUtility\intExplode().

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthInfoArray(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getRawUserByName(), and TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getRawUserByUid().

◆ writelog()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::writelog (   $type,
  $action,
  $error,
  $details_nr,
  $details,
  $data,
  $tablename,
  $recuid,
  $recpid 
)

DUMMY: Writes to log database table (in some extension classes)

Parameters
int$type‪denotes which module that has submitted the entry. This is the current list: 1=tce_db; 2=tce_file; 3=system (eg. sys_history save); 4=modules; 254=Personal settings changed; 255=login / out action: 1=login, 2=logout, 3=failed login (+ errorcode 3), 4=failure_warning_email sent
int$action‪denotes which specific operation that wrote the entry (eg. 'delete', 'upload', 'update' and so on...). Specific for each $type. Also used to trigger update of the interface. (see the log-module for the meaning of each number !!)
int$error‪flag. 0 = message, 1 = error (user problem), 2 = System Error (which should not happen), 3 = security notice (admin)
int$details_nr‪The message number. Specific for each $type and $action. in the future this will make it possible to translate error messages to other languages
string$details‪Default text that follows the message
array$data‪Data that follows the log. Might be used to carry special information. If an array the first 5 entries (0-4) will be sprintf'ed the details-text...
string$tablename‪Special field used by tce_main.php. These ($tablename, $recuid, $recpid) holds the reference to the record which the log-entry is about. (Was used in attic status.php to update the interface.)
int | string$recuid‪Special field used by tce_main.php. These ($tablename, $recuid, $recpid) holds the reference to the record which the log-entry is about. (Was used in attic status.php to update the interface.)
int | string$recpid‪Special field used by tce_main.php. These ($tablename, $recuid, $recpid) holds the reference to the record which the log-entry is about. (Was used in attic status.php to update the interface.)

Definition at line 1166 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\checkAuthentication().

◆ writeUC()

TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::writeUC ( )

This writes $this->>uc to the user-record. This is a way of providing session-data. You can fetch the data again through $this->uc in this class!

Definition at line 921 of file AbstractUserAuthentication.php.

References TYPO3\CMS\Core\Database\Connection\PARAM_LOB.

Referenced by TYPO3\CMS\Core\Authentication\BackendUserAuthentication\backendSetUC(), TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\pushModuleData(), and TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\storeSessionData().

Member Data Documentation

◆ $checkPid

bool TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$checkPid = true

If set, the user-record must be stored at the page defined by $checkPid_value

Definition at line 152 of file AbstractUserAuthentication.php.

◆ $checkPid_value

int string null TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$checkPid_value = 0

The page id the user record must be stored at, can also hold a comma separated list of pids

Definition at line 157 of file AbstractUserAuthentication.php.

◆ $dontSetCookie

bool TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$dontSetCookie = false
protected

Will prevent the setting of the session cookie

Definition at line 179 of file AbstractUserAuthentication.php.

◆ $enablecolumns

array TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$enablecolumns
Initial value:
= array(
'rootLevel' => '',
'disabled' => '',
'starttime' => '',
'endtime' => '',
'deleted' => '',
)

Enable field columns of user table

Definition at line 112 of file AbstractUserAuthentication.php.

◆ $formfield_status

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$formfield_status = ''
protected

Form field with status: *'login', 'logout'. If empty login is not verified.

Definition at line 137 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\isActiveLogin().

◆ $formfield_uident

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$formfield_uident = ''
protected

Form field with password

Definition at line 131 of file AbstractUserAuthentication.php.

◆ $formfield_uname

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$formfield_uname = ''
protected

Form field with login-name

Definition at line 125 of file AbstractUserAuthentication.php.

◆ $lastLogin_column

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$lastLogin_column = ''
protected

Column name for last login timestamp

Definition at line 107 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\updateLoginTimestamp().

◆ $loginSessionStarted

bool TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$loginSessionStarted = false
protected

Will be set to TRUE if the login session is actually written during auth-check.

Definition at line 163 of file AbstractUserAuthentication.php.

◆ $loginType

◆ $name

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$name = ''

◆ $setCookie

SetCookieBehavior TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$setCookie = SetCookieBehavior::None
protected

If set, this cookie will be set to the response.

Definition at line 198 of file AbstractUserAuthentication.php.

◆ $uc

array TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$uc = []

User Settings (= preferences)

Definition at line 189 of file AbstractUserAuthentication.php.

◆ $user

array null TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$user

contains user- AND session-data from database (joined tables)

Definition at line 168 of file AbstractUserAuthentication.php.

◆ $user_table

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$user_table = ''

Table in database with user data

Definition at line 76 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Core\Authentication\AbstractUserAuthentication\getAuthInfoArray().

◆ $usergroup_column

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$usergroup_column = ''

Column for user group information

Definition at line 101 of file AbstractUserAuthentication.php.

◆ $usergroup_table

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$usergroup_table = ''

Table in database with user groups

Definition at line 81 of file AbstractUserAuthentication.php.

◆ $userGroups

array TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$userGroups = []

This array will hold the groups that the user is a member of

Definition at line 173 of file AbstractUserAuthentication.php.

Referenced by TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication\createUserAspect().

◆ $userid_column

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$userid_column = ''

◆ $userident_column

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$userident_column = ''

◆ $username_column

string TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$username_column = ''

◆ $userSession

UserSession TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$userSession = null
protected

◆ $userSessionManager

UserSessionManager TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$userSessionManager
protected

◆ $writeAttemptLog

bool TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$writeAttemptLog = false

Log failed login attempts

Definition at line 147 of file AbstractUserAuthentication.php.

◆ $writeStdLog

bool TYPO3\CMS\Core\Authentication\AbstractUserAuthentication::$writeStdLog = false

Decides if the writelog() function is called at login and logout

Definition at line 142 of file AbstractUserAuthentication.php.