Main Page | Directories | Namespace List | Class Hierarchy | Alphabetical List | Class List | File List | Class Members | File Members | Related Pages | Examples
t3lib

class.t3lib_userauthgroup.php

Go to the documentation of this file.
00001 <?php
00002 /***************************************************************
00003 *  Copyright notice
00004 *
00005 *  (c) 1999-2004 Kasper Skaarhoj (kasperYYYY@typo3.com)
00006 *  All rights reserved
00007 *
00008 *  This script is part of the TYPO3 project. The TYPO3 project is
00009 *  free software; you can redistribute it and/or modify
00010 *  it under the terms of the GNU General Public License as published by
00011 *  the Free Software Foundation; either version 2 of the License, or
00012 *  (at your option) any later version.
00013 *
00014 *  The GNU General Public License can be found at
00015 *  http://www.gnu.org/copyleft/gpl.html.
00016 *  A copy is found in the textfile GPL.txt and important notices to the license
00017 *  from the author is found in LICENSE.txt distributed with these scripts.
00018 *
00019 *
00020 *  This script is distributed in the hope that it will be useful,
00021 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
00022 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00023 *  GNU General Public License for more details.
00024 *
00025 *  This copyright notice MUST APPEAR in all copies of the script!
00026 ***************************************************************/
00082    // Need this for parsing User TSconfig
00083 require_once (PATH_t3lib.'class.t3lib_tsparser.php');
00084 
00085 
00086 
00087 
00088 
00089 
00090 
00091 
00092 
00093 
00094 
00095 
00096 
00097 
00098 
00099 
00100 
00101 
00102 
00103 
00104 
00115 class t3lib_userAuthGroup extends t3lib_userAuth {
00116    var $usergroup_column = 'usergroup';      // Should be set to the usergroup-column (id-list) in the user-record
00117    var $usergroup_table = 'be_groups';       // The name of the group-table
00118 
00119       // internal
00120    var $groupData = Array(          // This array holds lists of eg. tables, fields and other values related to the permission-system. See fetchGroupData
00121       'filemounts' => Array()       // Filemounts are loaded here
00122    );
00123 
00124    var $userGroups = Array();       // This array will hold the groups that the user is a member of
00125    var $userGroupsUID = Array();    // This array holds the uid's of the groups in the listed order
00126    var $groupList ='';              // This is $this->userGroupsUID imploded to a comma list... Will correspond to the 'usergroup_cached_list'
00127    var $dataLists=array(            // Used internally to accumulate data for the user-group. DONT USE THIS EXTERNALLY! Use $this->groupData instead
00128       'webmount_list'=>'',
00129       'filemount_list'=>'',
00130       'modList'=>'',
00131       'tables_select'=>'',
00132       'tables_modify'=>'',
00133       'pagetypes_select'=>'',
00134       'non_exclude_fields'=>'',
00135       'explicit_allowdeny'=>'',
00136       'allowed_languages' => '',
00137       'custom_options' => '',
00138    );
00139    var $includeHierarchy=array();      // For debugging/display of order in which subgroups are included.
00140    var $includeGroupArray=array();     // List of group_id's in the order they are processed.
00141 
00142    var $OS='';                   // Set to 'WIN', if windows
00143    var $TSdataArray=array();        // Used to accumulate the TSconfig data of the user
00144    var $userTS_text = '';           // Contains the non-parsed user TSconfig
00145    var $userTS = array();           // Contains the parsed user TSconfig
00146    var $userTSUpdated=0;            // Set internally if the user TSconfig was parsed and needs to be cached.
00147    var $userTS_dontGetCached=0;     // Set this from outside if you want the user TSconfig to ALWAYS be parsed and not fetched from cache.
00148 
00149    var $RTE_errors = array();       // RTE availability errors collected.
00150    var $errorMsg = '';              // Contains last error message
00151 
00152 
00153 
00154 
00155 
00156 
00157 
00158 
00159 
00160 
00161 
00162 
00163 
00164    /************************************
00165     *
00166     * Permission checking functions:
00167     *
00168     ************************************/
00169 
00176    function isAdmin()   {
00177       return (($this->user['admin']&1) ==1);
00178    }
00179 
00188    function isMemberOfGroup($groupId)  {
00189       $groupId = intval($groupId);
00190       if ($this->groupList && $groupId)   {
00191          return $this->inList($this->groupList, $groupId);
00192       }
00193    }
00194 
00210    function doesUserHaveAccess($row,$perms)  {
00211       $userPerms = $this->calcPerms($row);
00212       return ($userPerms & $perms)==$perms;
00213    }
00214 
00227    function isInWebMount($id,$readPerms='',$exitOnError=0)  {
00228       if (!$GLOBALS['TYPO3_CONF_VARS']['BE']['lockBeUserToDBmounts'] || $this->isAdmin()) return 1;
00229       $id = intval($id);
00230       if (!$readPerms)  $readPerms = $this->getPagePermsClause(1);
00231       if ($id>0)  {
00232          $wM = $this->returnWebmounts();
00233          $rL = t3lib_BEfunc::BEgetRootLine($id,' AND '.$readPerms);
00234 
00235          foreach($rL as $v)   {
00236             if ($v['uid'] && in_array($v['uid'],$wM)) {
00237                return $v['uid'];
00238             }
00239          }
00240       }
00241       if ($exitOnError) {
00242          t3lib_BEfunc::typo3PrintError ('Access Error','This page is not within your DB-mounts',0);
00243          exit;
00244       }
00245    }
00246 
00254    function modAccess($conf,$exitOnError) {
00255       if (!t3lib_BEfunc::isModuleSetInTBE_MODULES($conf['name'])) {
00256          if ($exitOnError) {
00257             t3lib_BEfunc::typo3PrintError ('Fatal Error','This module "'.$conf['name'].'" is not enabled in TBE_MODULES',0);
00258             exit;
00259          }
00260          return false;
00261       }
00262 
00263          // Returns true if conf[access] is not set at all or if the user is admin
00264       if (!$conf['access']  ||  $this->isAdmin()) return true;
00265 
00266          // If $conf['access'] is set but not with 'admin' then we return true, if the module is found in the modList
00267       if (!strstr($conf['access'],'admin') && $conf['name'])   {
00268          $acs = $this->check('modules',$conf['name']);
00269       }
00270       if (!$acs && $exitOnError) {
00271          t3lib_BEfunc::typo3PrintError ('Access Error','You don\'t have access to this module.',0);
00272          exit;
00273       } else return $acs;
00274    }
00275 
00290    function getPagePermsClause($perms) {
00291       if (is_array($this->user)) {
00292          if ($this->isAdmin())   {
00293             return ' 1=1';
00294          }
00295 
00296          $perms = intval($perms);   // Make sure it's integer.
00297          $str= ' ('.
00298             '(pages.perms_everybody & '.$perms.' = '.$perms.')'.  // Everybody
00299             'OR(pages.perms_userid = '.$this->user['uid'].' AND pages.perms_user & '.$perms.' = '.$perms.')';  // User
00300          if ($this->groupList){$str.='OR(pages.perms_groupid in ('.$this->groupList.') AND pages.perms_group & '.$perms.' = '.$perms.')';}   // Group (if any is set)
00301          $str.=')';
00302          return $str;
00303       } else {
00304          return ' 1=0';
00305       }
00306    }
00307 
00316    function calcPerms($row)   {
00317       if ($this->isAdmin()) {return 31;}     // Return 31 for admin users.
00318 
00319       $out=0;
00320       if (isset($row['perms_userid']) && isset($row['perms_user']) && isset($row['perms_groupid']) && isset($row['perms_group']) && isset($row['perms_everybody']) && isset($this->groupList))  {
00321          if ($this->user['uid']==$row['perms_userid'])   {
00322             $out|=$row['perms_user'];
00323          }
00324          if ($this->isMemberOfGroup($row['perms_groupid'])) {
00325             $out|=$row['perms_group'];
00326          }
00327          $out|=$row['perms_everybody'];
00328       }
00329       return $out;
00330    }
00331 
00339    function isRTE()  {
00340       global $CLIENT;
00341 
00342          // Start:
00343       $this->RTE_errors = array();
00344       if (!$this->uc['edit_RTE'])
00345          $this->RTE_errors[] = 'RTE is not enabled for user!';
00346       if (!$GLOBALS['TYPO3_CONF_VARS']['BE']['RTEenabled'])
00347          $this->RTE_errors[] = 'RTE is not enabled in $TYPO3_CONF_VARS["BE"]["RTEenabled"]';
00348 
00349 
00350          // Acquire RTE object:
00351       $RTE = &t3lib_BEfunc::RTEgetObj();
00352       if (!is_object($RTE))   {
00353          $this->RTE_errors = array_merge($this->RTE_errors, $RTE);
00354       }
00355 
00356       if (!count($this->RTE_errors))   {
00357          return TRUE;
00358       } else {
00359          return FALSE;
00360       }
00361    }
00362 
00373    function check($type,$value)  {
00374       if (isset($this->groupData[$type])) {
00375          if ($this->isAdmin() || $this->inList($this->groupData[$type],$value)) {
00376             return 1;
00377          }
00378       }
00379    }
00380 
00390    function checkAuthMode($table,$field,$value,$authMode)   {
00391       global $TCA;
00392 
00393          // Admin users can do anything:
00394       if ($this->isAdmin())   return TRUE;
00395 
00396          // Allow all blank values:
00397       if (!strcmp($value,'')) return TRUE;
00398 
00399          // Certain characters are not allowed in the value
00400       if (ereg('[:|,]',$value))  {
00401          return FALSE;
00402       }
00403 
00404          // Initialize:
00405       $testValue = $table.':'.$field.':'.$value;
00406       $out = TRUE;
00407 
00408          // Checking value:
00409       switch((string)$authMode)  {
00410          case 'explicitAllow':
00411             if (!$this->inList($this->groupData['explicit_allowdeny'],$testValue.':ALLOW'))  {
00412                $out = FALSE;
00413             }
00414          break;
00415          case 'explicitDeny':
00416             if ($this->inList($this->groupData['explicit_allowdeny'],$testValue.':DENY')) {
00417                $out = FALSE;
00418             }
00419          break;
00420          case 'individual':
00421             t3lib_div::loadTCA($table);
00422             if (is_array($TCA[$table]) && is_array($TCA[$table]['columns'][$field]))   {
00423                $items = $TCA[$table]['columns'][$field]['config']['items'];
00424                if (is_array($items))   {
00425                   foreach($items as $iCfg)   {
00426                      if (!strcmp($iCfg[1],$value) && $iCfg[4]) {
00427                         switch((string)$iCfg[4])   {
00428                            case 'EXPL_ALLOW':
00429                               if (!$this->inList($this->groupData['explicit_allowdeny'],$testValue.':ALLOW'))  {
00430                                  $out = FALSE;
00431                               }
00432                            break;
00433                            case 'EXPL_DENY':
00434                               if ($this->inList($this->groupData['explicit_allowdeny'],$testValue.':DENY')) {
00435                                  $out = FALSE;
00436                               }
00437                            break;
00438                         }
00439                         break;
00440                      }
00441                   }
00442                }
00443             }
00444          break;
00445       }
00446 
00447       return $out;
00448    }
00449 
00456    function checkLanguageAccess($langValue)  {
00457       if (strcmp($this->groupData['allowed_languages'],'')) {  // The users language list must be non-blank - otherwise all languages are allowed.
00458          $langValue = intval($langValue);
00459          if ($langValue != -1 && !$this->check('allowed_languages',$langValue))  {  // Language must either be explicitly allowed OR the lang Value be "-1" (all languages)
00460             return FALSE;
00461          }
00462       }
00463       return TRUE;
00464    }
00465 
00476    function recordEditAccessInternals($table,$idOrRow)   {
00477       global $TCA;
00478 
00479       if (isset($TCA[$table]))   {
00480          t3lib_div::loadTCA($table);
00481 
00482             // Always return true for Admin users.
00483          if ($this->isAdmin())   return TRUE;
00484 
00485             // Fetching the record if the $idOrRow variable was not an array on input:
00486          if (!is_array($idOrRow))   {
00487             $idOrRow = t3lib_BEfunc::getRecord($table, $idOrRow);
00488             if (!is_array($idOrRow))   {
00489                $this->errorMsg = 'ERROR: Record could not be fetched.';
00490                return FALSE;
00491             }
00492          }
00493 
00494             // Checking languages:
00495          if ($TCA[$table]['ctrl']['languageField'])   {
00496             if (isset($idOrRow[$TCA[$table]['ctrl']['languageField']])) {  // Language field must be found in input row - otherwise it does not make sense.
00497                if (!$this->checkLanguageAccess($idOrRow[$TCA[$table]['ctrl']['languageField']]))   {
00498                   $this->errorMsg = 'ERROR: Language was not allowed.';
00499                   return FALSE;
00500                }
00501             }
00502          }
00503 
00504             // Checking authMode fields:
00505          if (is_array($TCA[$table]['columns'])) {
00506             foreach($TCA[$table]['columns'] as $fN => $fV)  {
00507                if (isset($idOrRow[$fN]))  {  //
00508                   if ($fV['config']['type']=='select' && $fV['config']['authMode'] && !strcmp($fV['config']['authMode_enforce'],'strict')) {
00509                      if (!$this->checkAuthMode($table,$fN,$idOrRow[$fN],$fV['config']['authMode']))   {
00510                         $this->errorMsg = 'ERROR: authMode "'.$fV['config']['authMode'].'" failed for field "'.$fN.'" with value "'.$idOrRow[$fN].'" evaluated';
00511                         return FALSE;
00512                      }
00513                   }
00514                }
00515             }
00516          }
00517 
00518             // Checking "editlock" feature
00519          if ($TCA[$table]['ctrl']['editlock'] && $idOrRow[$TCA[$table]['ctrl']['editlock']]) {
00520             $this->errorMsg = 'ERROR: Record was locked for editing. Only admin users can change this state.';
00521             return FALSE;
00522          }
00523 
00524             // Checking record permissions
00525          // THIS is where we can include a check for "perms_" fields for other records than pages...
00526 
00527             // Finally, return true if all is well.
00528          return TRUE;
00529       }
00530    }
00531 
00541    function isPSet($lCP,$table,$type='')  {
00542       if ($this->isAdmin())   return true;
00543       if ($table=='pages') {
00544          if ($type=='edit')   return $lCP & 2;
00545          if ($type=='new') return ($lCP & 8) || ($lCP & 16);   // Create new page OR pagecontent
00546          if ($type=='delete') return $lCP & 4;
00547          if ($type=='editcontent')  return $lCP & 16;
00548       } else {
00549          return $lCP & 16;
00550       }
00551    }
00552 
00558    function mayMakeShortcut() {
00559       return $this->getTSConfigVal('options.shortcutFrame') && !$this->getTSConfigVal('options.mayNotCreateEditShortcuts');
00560    }
00561 
00562 
00563 
00564 
00565 
00566 
00567 
00568 
00569 
00570 
00571    /*************************************
00572     *
00573     * Miscellaneous functions
00574     *
00575     *************************************/
00576 
00586    function getTSConfig($objectString,$config='')  {
00587       if (!is_array($config)) {
00588          $config=$this->userTS;  // Getting Root-ts if not sent
00589       }
00590       $TSConf=array();
00591       $parts = explode('.',$objectString,2);
00592       $key = $parts[0];
00593       if (trim($key))   {
00594          if (count($parts)>1 && trim($parts[1]))   {
00595             // Go on, get the next level
00596             if (is_array($config[$key.'.'])) $TSConf = $this->getTSConfig($parts[1],$config[$key.'.']);
00597          } else {
00598             $TSConf['value']=$config[$key];
00599             $TSConf['properties']=$config[$key.'.'];
00600          }
00601       }
00602       return $TSConf;
00603    }
00604 
00612    function getTSConfigVal($objectString) {
00613       $TSConf = $this->getTSConfig($objectString);
00614       return $TSConf['value'];
00615    }
00616 
00624    function getTSConfigProp($objectString)   {
00625       $TSConf = $this->getTSConfig($objectString);
00626       return $TSConf['properties'];
00627    }
00628 
00636    function inList($in_list,$item)  {
00637       return strstr(','.$in_list.',', ','.$item.',');
00638    }
00639 
00647    function returnWebmounts() {
00648       return (string)($this->groupData['webmounts'])!='' ? explode(',',$this->groupData['webmounts']) : Array();
00649    }
00650 
00657    function returnFilemounts()   {
00658       return $this->groupData['filemounts'];
00659    }
00660 
00661 
00662 
00663 
00664 
00665 
00666 
00667 
00668 
00669 
00670 
00671 
00672    /*************************************
00673     *
00674     * Authentication methods
00675     *
00676     *************************************/
00677 
00678 
00687    function fetchGroupData()  {
00688       if ($this->user['uid']) {
00689 
00690             // Get lists for the be_user record and set them as default/primary values.
00691          $this->dataLists['modList'] = $this->user['userMods'];               // Enabled Backend Modules
00692          $this->dataLists['allowed_languages'] = $this->user['allowed_languages'];              // Add Allowed Languages
00693          $this->dataLists['webmount_list'] = $this->user['db_mountpoints'];      // Database mountpoints
00694          $this->dataLists['filemount_list'] = $this->user['file_mountpoints'];   // File mountpoints
00695 
00696             // Setting default User TSconfig:
00697          $this->TSdataArray[]=$this->addTScomment('From $GLOBALS["TYPO3_CONF_VARS"]["BE"]["defaultUserTSconfig"]:').
00698                            $GLOBALS['TYPO3_CONF_VARS']['BE']['defaultUserTSconfig'];
00699 
00700             // Default TSconfig for admin-users
00701          if ($this->isAdmin())   {
00702             $this->TSdataArray[]=$this->addTScomment('"admin" user presets:').'
00703                admPanel.enable.all = 1
00704                options.shortcutFrame = 1
00705             ';
00706             if (t3lib_extMgm::isLoaded('tt_news')) {
00707                $this->TSdataArray[]='
00708                   // Setting defaults for tt_news author / email...
00709                   TCAdefaults.tt_news.author = '.$this->user['realName'].'
00710                   TCAdefaults.tt_news.author_email = '.$this->user['email'].'
00711                ';
00712             }
00713             if (t3lib_extMgm::isLoaded('sys_note'))   {
00714                $this->TSdataArray[]='
00715                   // Setting defaults for sys_note author / email...
00716                   TCAdefaults.sys_note.author = '.$this->user['realName'].'
00717                   TCAdefaults.sys_note.email = '.$this->user['email'].'
00718                ';
00719             }
00720          }
00721 
00722             // FILE MOUNTS:
00723             // Admin users has the base fileadmin dir mounted
00724          if ($this->isAdmin() && $GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir']) {
00725             $this->addFileMount($GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'], '', PATH_site.$GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'], 0, '');
00726          }
00727 
00728             // If userHomePath is set, we attempt to mount it
00729          if ($GLOBALS['TYPO3_CONF_VARS']['BE']['userHomePath'])   {
00730                // First try and mount with [uid]_[username]
00731             $didMount=$this->addFileMount($this->user['username'], '',$GLOBALS['TYPO3_CONF_VARS']['BE']['userHomePath'].$this->user['uid'].'_'.$this->user['username'].$GLOBALS['TYPO3_CONF_VARS']['BE']['userUploadDir'], 0, 'user');
00732             if (!$didMount)   {
00733                   // If that failed, try and mount with only [uid]
00734                $this->addFileMount($this->user['username'], '', $GLOBALS['TYPO3_CONF_VARS']['BE']['userHomePath'].$this->user['uid'].$GLOBALS['TYPO3_CONF_VARS']['BE']['userUploadDir'], 0, 'user');
00735             }
00736          }
00737 
00738             // BE_GROUPS:
00739             // Get the groups...
00740 #        $grList = t3lib_BEfunc::getSQLselectableList($this->user[$this->usergroup_column],$this->usergroup_table,$this->usergroup_table);
00741          $grList = $GLOBALS['TYPO3_DB']->cleanIntList($this->user[$this->usergroup_column]); // 240203: Since the group-field never contains any references to groups with a prepended table name we think it's safe to just intExplode and re-implode - which should be much faster than the other function call.
00742          if ($grList)   {
00743                // Fetch groups will add a lot of information to the internal arrays: modules, accesslists, TSconfig etc. Refer to fetchGroups() function.
00744             $this->fetchGroups($grList);
00745          }
00746 
00747             // Add the TSconfig for this specific user:
00748          $this->TSdataArray[] = $this->addTScomment('USER TSconfig field').$this->user['TSconfig'];
00749             // Check include lines.
00750          $this->TSdataArray = t3lib_TSparser::checkIncludeLines_array($this->TSdataArray);
00751 
00752             // Parsing the user TSconfig (or getting from cache)
00753          $this->userTS_text = implode(chr(10).'[GLOBAL]'.chr(10),$this->TSdataArray);  // Imploding with "[global]" will make sure that non-ended confinements with braces are ignored.
00754          $hash = md5('userTS:'.$this->userTS_text);
00755          $cachedContent = t3lib_BEfunc::getHash($hash,0);
00756          if (isset($cachedContent) && !$this->userTS_dontGetCached)  {
00757             $this->userTS = unserialize($cachedContent);
00758          } else {
00759             $parseObj = t3lib_div::makeInstance('t3lib_TSparser');
00760             $parseObj->parse($this->userTS_text);
00761             $this->userTS = $parseObj->setup;
00762             t3lib_BEfunc::storeHash($hash,serialize($this->userTS),'BE_USER_TSconfig');
00763                // Update UC:
00764             $this->userTSUpdated=1;
00765          }
00766 
00767             // Processing webmounts
00768          if ($this->isAdmin() && !$this->getTSConfigVal('options.dontMountAdminMounts'))  {  // Admin's always have the root mounted
00769             $this->dataLists['webmount_list']='0,'.$this->dataLists['webmount_list'];
00770          }
00771 
00772             // Processing filemounts
00773          $this->dataLists['filemount_list'] = t3lib_div::uniqueList($this->dataLists['filemount_list']);
00774          if ($this->dataLists['filemount_list'])   {
00775             $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', 'sys_filemounts', 'NOT deleted AND NOT hidden AND pid=0 AND uid IN ('.$this->dataLists['filemount_list'].')');
00776             while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res))  {
00777                $this->addFileMount($row['title'], $row['path'], $row['path'], $row['base']?1:0, '');
00778             }
00779          }
00780 
00781             // The lists are cleaned for duplicates
00782          $this->groupData['webmounts'] = t3lib_div::uniqueList($this->dataLists['webmount_list']);
00783          $this->groupData['pagetypes_select'] = t3lib_div::uniqueList($this->dataLists['pagetypes_select']);
00784          $this->groupData['tables_select'] = t3lib_div::uniqueList($this->dataLists['tables_modify'].','.$this->dataLists['tables_select']);
00785          $this->groupData['tables_modify'] = t3lib_div::uniqueList($this->dataLists['tables_modify']);
00786          $this->groupData['non_exclude_fields'] = t3lib_div::uniqueList($this->dataLists['non_exclude_fields']);
00787          $this->groupData['explicit_allowdeny'] = t3lib_div::uniqueList($this->dataLists['explicit_allowdeny']);
00788          $this->groupData['allowed_languages'] = t3lib_div::uniqueList($this->dataLists['allowed_languages']);
00789          $this->groupData['custom_options'] = t3lib_div::uniqueList($this->dataLists['custom_options']);
00790          $this->groupData['modules'] = t3lib_div::uniqueList($this->dataLists['modList']);
00791 
00792             // populating the $this->userGroupsUID -array with the groups in the order in which they were LAST included.!!
00793          $this->userGroupsUID = array_reverse(array_unique(array_reverse($this->includeGroupArray)));
00794 
00795             // Finally this is the list of group_uid's in the order they are parsed (including subgroups!) and without duplicates (duplicates are presented with their last entrance in the list, which thus reflects the order of the TypoScript in TSconfig)
00796          $this->groupList = implode(',',$this->userGroupsUID);
00797          $this->setCachedList($this->groupList);
00798       }
00799    }
00800 
00810    function fetchGroups($grList,$idList='')  {
00811 
00812          // Fetching records of the groups in $grList (which are not blocked by lockedToDomain either):
00813       $lockToDomain_SQL = ' AND (lockToDomain="" OR lockToDomain="'.t3lib_div::getIndpEnv('HTTP_HOST').'")';
00814       $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', $this->usergroup_table, 'NOT deleted AND NOT hidden AND pid=0 AND uid IN ('.$grList.')'.$lockToDomain_SQL);
00815 
00816          // The userGroups array is filled
00817       while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res))  {
00818          $this->userGroups[$row['uid']] = $row;
00819       }
00820 
00821          // Traversing records in the correct order
00822       $include_staticArr = t3lib_div::intExplode(',',$grList);
00823       reset($include_staticArr);
00824       while(list(,$uid)=each($include_staticArr))  {  // traversing list
00825 
00826             // Get row:
00827          $row=$this->userGroups[$uid];
00828          if (is_array($row) && !t3lib_div::inList($idList,$uid))  {  // Must be an array and $uid should not be in the idList, because then it is somewhere previously in the grouplist
00829 
00830                // Include sub groups
00831             if (trim($row['subgroup']))   {
00832                $theList = implode(',',t3lib_div::intExplode(',',$row['subgroup'])); // Make integer list
00833                $this->fetchGroups($theList, $idList.','.$uid);    // Call recursively, pass along list of already processed groups so they are not recursed again.
00834             }
00835                // Add the group uid, current list, TSconfig to the internal arrays.
00836             $this->includeGroupArray[]=$uid;
00837             $this->includeHierarchy[]=$idList;
00838             $this->TSdataArray[] = $this->addTScomment('Group "'.$row['title'].'" ['.$row['uid'].'] TSconfig field:').$row['TSconfig'];
00839 
00840                // Mount group database-mounts
00841             if (($this->user['options']&1) == 1)   {  $this->dataLists['webmount_list'].= ','.$row['db_mountpoints'];   }
00842 
00843                // Mount group file-mounts
00844             if (($this->user['options']&2) == 2)   {  $this->dataLists['filemount_list'].= ','.$row['file_mountpoints'];   }
00845 
00846                // Mount group home-dirs
00847             if (($this->user['options']&2) == 2)   {
00848                   // If groupHomePath is set, we attempt to mount it
00849                if ($GLOBALS['TYPO3_CONF_VARS']['BE']['groupHomePath'])  {
00850                   $this->addFileMount($row['title'], '', $GLOBALS['TYPO3_CONF_VARS']['BE']['groupHomePath'].$row['uid'], 0, 'group');
00851                }
00852             }
00853 
00854                // The lists are made: groupMods, tables_select, tables_modify, pagetypes_select, non_exclude_fields, explicit_allowdeny, allowed_languages, custom_options
00855             if ($row['inc_access_lists']==1) {
00856                $this->dataLists['modList'].= ','.$row['groupMods'];
00857                $this->dataLists['tables_select'].= ','.$row['tables_select'];
00858                $this->dataLists['tables_modify'].= ','.$row['tables_modify'];
00859                $this->dataLists['pagetypes_select'].= ','.$row['pagetypes_select'];
00860                $this->dataLists['non_exclude_fields'].= ','.$row['non_exclude_fields'];
00861                $this->dataLists['explicit_allowdeny'].= ','.$row['explicit_allowdeny'];
00862                $this->dataLists['allowed_languages'].= ','.$row['allowed_languages'];
00863                $this->dataLists['custom_options'].= ','.$row['custom_options'];
00864             }
00865                // If this function is processing the users OWN group-list (not subgroups) AND if the ->firstMainGroup is not set, then the ->firstMainGroup will be set.
00866             if (!strcmp($idList,'') && !$this->firstMainGroup) {
00867                $this->firstMainGroup=$uid;
00868             }
00869          }
00870       }
00871 
00872    }
00873 
00882    function setCachedList($cList)   {
00883       if ((string)$cList != (string)$this->user['usergroup_cached_list'])  {
00884          $GLOBALS['TYPO3_DB']->exec_UPDATEquery('be_users', 'uid='.intval($this->user['uid']), array('usergroup_cached_list' => $cList));
00885       }
00886    }
00887 
00902    function addFileMount($title, $altTitle, $path, $webspace, $type) {
00903          // Return false if fileadminDir is not set and we try to mount a relative path
00904       if ($webspace && !$GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir']) return false;
00905 
00906          // Trimming and pre-processing
00907       $path=trim($path);
00908       if ($this->OS=='WIN')   {     // with WINDOWS convert backslash to slash!!
00909          $path=str_replace('\\','/',$path);
00910       }
00911          // If the path is true and validates as a valid path string:
00912       if ($path && t3lib_div::validPathStr($path)) {
00913             // these lines remove all slashes and dots before and after the path
00914          $path=ereg_replace('^[\/\. ]*','',$path);
00915          $path=trim(ereg_replace('[\/\. ]*$','',$path));
00916 
00917 
00918          if ($path)  {  // there must be some chars in the path
00919             $fdir=PATH_site.$GLOBALS['TYPO3_CONF_VARS']['BE']['fileadminDir'];   // fileadmin dir, absolute
00920             if ($webspace) {
00921                $path=$fdir.$path;   // PATH_site + fileadmin dir is prepended
00922             } else {
00923                if ($this->OS!='WIN')   {     // with WINDOWS no prepending!!
00924                   $path='/'.$path;  // root-level is the start...
00925                }
00926             }
00927             $path.='/';
00928 
00929                // We now have a path with slash after and slash before (if unix)
00930             if (@is_dir($path) &&
00931                (($GLOBALS['TYPO3_CONF_VARS']['BE']['lockRootPath'] && t3lib_div::isFirstPartOfStr($path,$GLOBALS['TYPO3_CONF_VARS']['BE']['lockRootPath'])) || t3lib_div::isFirstPartOfStr($path,$fdir)))   {
00932                      // Alternative title?
00933                   $name = $title ? $title : $altTitle;
00934                      // Adds the filemount. The same filemount with same name, type and path cannot be set up twice because of the hash string used as key.
00935                   $this->groupData['filemounts'][md5($name.'|'.$path.'|'.$type)] = Array('name'=>$name, 'path'=>$path, 'type'=>$type);
00936                      // Return true - went well, success!
00937                   return 1;
00938             }
00939          }
00940       }
00941    }
00942 
00949    function addTScomment($str)   {
00950       $delimiter = '# ***********************************************';
00951 
00952       $out = $delimiter.chr(10);
00953       $lines = t3lib_div::trimExplode(chr(10),$str);
00954       foreach($lines as $v)   {
00955          $out.= '# '.$v.chr(10);
00956       }
00957       $out.= $delimiter.chr(10);
00958       return $out;
00959    }
00960 
00961 
00962 
00963 
00964 
00965 
00966 
00967 
00968 
00969 
00970 
00971 
00972    /************************************
00973     *
00974     * Logging
00975     *
00976     ************************************/
00977 
00978 
00996    function writelog($type,$action,$error,$details_nr,$details,$data,$tablename='',$recuid='',$recpid='',$event_pid=-1,$NEWid='') {
00997 
00998       $fields_values = Array (
00999          'userid' => intval($this->user['uid']),
01000          'type' => intval($type),
01001          'action' => intval($action),
01002          'error' => intval($error),
01003          'details_nr' => intval($details_nr),
01004          'details' => $details,
01005          'log_data' => serialize($data),
01006          'tablename' => $tablename,
01007          'recuid' => intval($recuid),
01008          'recpid' => intval($recpid),
01009          'IP' => t3lib_div::getIndpEnv('REMOTE_ADDR'),
01010          'tstamp' => $GLOBALS['EXEC_TIME'],
01011          'event_pid' => intval($event_pid),
01012          'NEWid' => $NEWid
01013       );
01014 
01015       $GLOBALS['TYPO3_DB']->exec_INSERTquery('sys_log', $fields_values);
01016       return $GLOBALS['TYPO3_DB']->sql_insert_id();
01017    }
01018 
01029    function checkLogFailures($email, $secondsBack=3600, $max=3)   {
01030       if ($email) {
01031 
01032             // get last flag set in the log for sending
01033          $theTimeBack = time()-$secondsBack;
01034          $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
01035                      'tstamp',
01036                      'sys_log',
01037                      'type=255 AND action=4 AND tstamp>'.intval($theTimeBack),
01038                      '',
01039                      'tstamp DESC',
01040                      '1'
01041                   );
01042          if ($testRow = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
01043             $theTimeBack = $testRow['tstamp'];
01044          }
01045 
01046             // Check for more than $max number of error failures with the last period.
01047          $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
01048                      '*',
01049                      'sys_log',
01050                      'type=255 AND action=3 AND error!=0 AND tstamp>'.intval($theTimeBack),
01051                      '',
01052                      'tstamp'
01053                   );
01054          if ($GLOBALS['TYPO3_DB']->sql_num_rows($res) > $max)  {
01055                // OK, so there were more than the max allowed number of login failures - so we will send an email then.
01056             $subject = 'TYPO3 Login Failure Warning (at '.$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'].')';
01057             $email_body = '
01058 There has been numerous attempts ('.$GLOBALS['TYPO3_DB']->sql_num_rows($res).') to login at the TYPO3
01059 site "'.$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'].'" ('.t3lib_div::getIndpEnv('HTTP_HOST').').
01060 
01061 This is a dump of the failures:
01062 
01063 ';
01064             while($testRows = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
01065                $theData = unserialize($testRows['log_data']);
01066                $email_body.=date($GLOBALS['TYPO3_CONF_VARS']['SYS']['ddmmyy'].' H:i',$testRows['tstamp']).':  '.@sprintf($testRows['details'],''.$theData[0],''.$theData[1],''.$theData[2]);
01067                $email_body.=chr(10);
01068             }
01069             mail( $email,
01070                   $subject,
01071                   $email_body,
01072                   'From: TYPO3 Login WARNING<>'
01073             );
01074             $this->writelog(255,4,0,3,'Failure warning (%s failures within %s seconds) sent by email to %s',Array($GLOBALS['TYPO3_DB']->sql_num_rows($res),$secondsBack,$email));   // Logout written to log
01075          }
01076       }
01077    }
01078 }
01079 
01080 
01081 
01082 if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_userauthgroup.php']) {
01083    include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_userauthgroup.php']);
01084 }
01085 ?>
Generated on Sun Oct 3 01:05:52 2004 for TYPO3core 3.7.0 dev by  doxygen 1.3.8-20040913