Resources/Documents/_authentication_service_8php_source.html

<?php

namespace TYPO3\CMS\Sv;


/*

 * This file is part of the TYPO3 CMS project.

 *

 * It is free software; you can redistribute it and/or modify it under

 * the terms of the GNU General Public License, either version 2

 * of the License, or any later version.

 *

 * For the full copyright and license information, please read the

 * LICENSE.txt file that was distributed with this source code.

 *

 * The TYPO3 project - inspiring people to share!

 */


use TYPO3\CMS\Core\Utility\GeneralUtility;


class AuthenticationService extends AbstractAuthenticationService

{

    public function processLoginData(array &$loginData, $passwordTransmissionStrategy)

    {

        $isProcessed = false;

        if ($passwordTransmissionStrategy === 'normal') {

            $loginData['uident_text'] = $loginData['uident'];

            $isProcessed = true;

        }

        return $isProcessed;

    }


    public function getUser()

    {

        if ($this->login['status'] !== 'login') {

            return false;

        }

        if (!$this->login['uident']) {

            // Failed Login attempt (no password given)

            $this->writelog(255, 3, 3, 2, 'Login-attempt from %s (%s) for username \'%s\' with an empty password!', array(

                $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']

            ));

            GeneralUtility::sysLog(sprintf('Login-attempt from %s (%s), for username \'%s\' with an empty password!', $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']), 'Core', GeneralUtility::SYSLOG_SEVERITY_WARNING);

            return false;

        }


        $user = $this->fetchUserRecord($this->login['uname']);

        if (!is_array($user)) {

            // Failed login attempt (no username found)

            $this->writelog(255, 3, 3, 2, 'Login-attempt from %s (%s), username \'%s\' not found!!', array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']));

            // Logout written to log

            GeneralUtility::sysLog(sprintf('Login-attempt from %s (%s), username \'%s\' not found!', $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']), 'core', GeneralUtility::SYSLOG_SEVERITY_WARNING);

        } else {

            if ($this->writeDevLog) {

                GeneralUtility::devLog('User found: ' . GeneralUtility::arrayToLogString($user, array($this->db_user['userid_column'], $this->db_user['username_column'])), AuthenticationService::class);

            }

        }

        return $user;

    }


    public function authUser(array $user)

    {

        $OK = 100;

        if ($this->login['uident'] && $this->login['uname']) {

            // Checking password match for user:

            $OK = $this->compareUident($user, $this->login);

            if (!$OK) {

                // Failed login attempt (wrong password) - write that to the log!

                if ($this->writeAttemptLog) {

                    $this->writelog(255, 3, 3, 1, 'Login-attempt from %s (%s), username \'%s\', password not accepted!', array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']));

                    GeneralUtility::sysLog(sprintf('Login-attempt from %s (%s), username \'%s\', password not accepted!', $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $this->login['uname']), 'core', GeneralUtility::SYSLOG_SEVERITY_WARNING);

                }

                if ($this->writeDevLog) {

                    GeneralUtility::devLog('Password not accepted: ' . $this->login['uident'], AuthenticationService::class, 2);

                }

            }

            // Checking the domain (lockToDomain)

            if ($OK && $user['lockToDomain'] && $user['lockToDomain'] !== $this->authInfo['HTTP_HOST']) {

                // Lock domain didn't match, so error:

                if ($this->writeAttemptLog) {

                    $this->writelog(255, 3, 3, 1, 'Login-attempt from %s (%s), username \'%s\', locked domain \'%s\' did not match \'%s\'!', array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $user[$this->db_user['username_column']], $user['lockToDomain'], $this->authInfo['HTTP_HOST']));

                    GeneralUtility::sysLog(sprintf('Login-attempt from %s (%s), username \'%s\', locked domain \'%s\' did not match \'%s\'!', $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $user[$this->db_user['username_column']], $user['lockToDomain'], $this->authInfo['HTTP_HOST']), 'core', GeneralUtility::SYSLOG_SEVERITY_WARNING);

                }

                $OK = 0;

            }

        }

        return $OK;

    }


    public function getGroups($user, $knownGroups)

    {

        /*

         * Attention: $knownGroups is not used within this method, but other services can use it.

         * This parameter should not be removed!

         * The FrontendUserAuthentication call getGroups and handover the previous detected groups.

         */

        $groupDataArr = array();

        if ($this->mode === 'getGroupsFE') {

            $groups = array();

            if (is_array($user) && $user[$this->db_user['usergroup_column']]) {

                $groupList = $user[$this->db_user['usergroup_column']];

                $groups = array();

                $this->getSubGroups($groupList, '', $groups);

            }

            // ADD group-numbers if the IPmask matches.

            if (is_array($GLOBALS['TYPO3_CONF_VARS']['FE']['IPmaskMountGroups'])) {

                foreach ($GLOBALS['TYPO3_CONF_VARS']['FE']['IPmaskMountGroups'] as $IPel) {

                    if ($this->authInfo['REMOTE_ADDR'] && $IPel[0] && GeneralUtility::cmpIP($this->authInfo['REMOTE_ADDR'], $IPel[0])) {

                        $groups[] = (int)$IPel[1];

                    }

                }

            }

            $groups = array_unique($groups);

            if (!empty($groups)) {

                $list = implode(',', $groups);

                if ($this->writeDevLog) {

                    GeneralUtility::devLog('Get usergroups with id: ' . $list, __CLASS__);

                }

                $lockToDomain_SQL = ' AND (lockToDomain=\'\' OR lockToDomain IS NULL OR lockToDomain=\'' . $this->authInfo['HTTP_HOST'] . '\')';

                $hiddenP = !$this->authInfo['showHiddenRecords'] ? 'AND hidden=0 ' : '';

                $res = $this->getDatabaseConnection()->exec_SELECTquery('*', $this->db_groups['table'], 'deleted=0 ' . $hiddenP . ' AND uid IN (' . $list . ')' . $lockToDomain_SQL);

                while ($row = $this->getDatabaseConnection()->sql_fetch_assoc($res)) {

                    $groupDataArr[$row['uid']] = $row;

                }

                if ($res) {

                    $this->getDatabaseConnection()->sql_free_result($res);

                }

            } else {

                if ($this->writeDevLog) {

                    GeneralUtility::devLog('No usergroups found.', AuthenticationService::class, 2);

                }

            }

        }

        return $groupDataArr;

    }


    public function getSubGroups($grList, $idList = '', &$groups)

    {

        // Fetching records of the groups in $grList (which are not blocked by lockedToDomain either):

        $lockToDomain_SQL = ' AND (lockToDomain=\'\' OR lockToDomain IS NULL OR lockToDomain=\'' . $this->authInfo['HTTP_HOST'] . '\')';

        $hiddenP = !$this->authInfo['showHiddenRecords'] ? 'AND hidden=0 ' : '';

        $res = $this->getDatabaseConnection()->exec_SELECTquery('uid,subgroup', 'fe_groups', 'deleted=0 ' . $hiddenP . ' AND uid IN (' . $grList . ')' . $lockToDomain_SQL);

        // Internal group record storage

        $groupRows = array();

        // The groups array is filled

        while ($row = $this->getDatabaseConnection()->sql_fetch_assoc($res)) {

            if (!in_array($row['uid'], $groups)) {

                $groups[] = $row['uid'];

            }

            $groupRows[$row['uid']] = $row;

        }

        // Traversing records in the correct order

        $include_staticArr = GeneralUtility::intExplode(',', $grList);

        // traversing list

        foreach ($include_staticArr as $uid) {

            // Get row:

            $row = $groupRows[$uid];

            // Must be an array and $uid should not be in the idList, because then it is somewhere previously in the grouplist

            if (is_array($row) && !GeneralUtility::inList($idList, $uid)) {

                // Include sub groups

                if (trim($row['subgroup'])) {

                    // Make integer list

                    $theList = implode(',', GeneralUtility::intExplode(',', $row['subgroup']));

                    // Call recursively, pass along list of already processed groups so they are not processed again.

                    $this->getSubGroups($theList, $idList . ',' . $uid, $groups);

                }

            }

        }

    }


    protected function getDatabaseConnection()

    {

        return $GLOBALS['TYPO3_DB'];

    }

}