/**
  * Create selector for workspaces and change workspace if command is given to do that.
  *
  * @return	string		HTML
  */
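 function workspaceSelector()
 {
     // Builds the workspace selector markup for the current backend user and, when a
     // workspace change was requested, applies it and returns a script that reloads
     // the whole backend instead of the selector.
     //
     // Returns: string of HTML (or a <script> block after a workspace switch).
     global $TYPO3_DB, $BE_USER, $LANG;
     // A requested workspace switch is applied first, then the entire backend is reloaded.
     // NOTE(review): where $this->changeWorkspace is populated is not visible here. If it
     // comes straight from a request parameter, this is a state change that should be tied
     // to a request token; access to the target workspace is presumably enforced inside
     // setWorkspace() - confirm both against the caller.
     if (strlen($this->changeWorkspace)) {
         $BE_USER->setWorkspace($this->changeWorkspace);
         return $this->doc->wrapScriptTags('top.location.href="' . t3lib_BEfunc::getBackendScript() . '";');
     }
     // Toggling the frontend preview flag does not need a backend reload:
     if (strlen($this->changeWorkspacePreview)) {
         $BE_USER->setWorkspacePreview($this->changeWorkspacePreview);
     }
     // Create options array, keyed by workspace uid. Only workspaces that pass
     // $BE_USER->checkWorkspace() are offered.
     $options = array();
     if ($BE_USER->checkWorkspace(array('uid' => 0))) {
         $options[0] = '[' . $LANG->getLL('shortcut_onlineWS') . ']';
     }
     if ($BE_USER->checkWorkspace(array('uid' => -1))) {
         $options[-1] = '[' . $LANG->getLL('shortcut_offlineWS') . ']';
     }
     // Add custom workspaces (selecting all, filtering by BE_USER check):
     $workspaces = $TYPO3_DB->exec_SELECTgetRows('uid,title,adminusers,members,reviewers', 'sys_workspace', 'pid=0' . t3lib_BEfunc::deleteClause('sys_workspace'), '', 'title');
     // Guard against a non-array result (e.g. a failed query) before iterating.
     if (is_array($workspaces)) {
         foreach ($workspaces as $rec) {
             if ($BE_USER->checkWorkspace($rec)) {
                 $options[$rec['uid']] = $rec['uid'] . ': ' . $rec['title'];
             }
         }
     }
     // Normalise once so the "selected" test and the preview test below agree even if
     // the property holds a numeric string.
     $currentWorkspace = (int) $BE_USER->workspace;
     // Build selector box. Values and labels (workspace titles come from the database)
     // are HTML-escaped here, at the point of output.
     if (count($options)) {
         foreach ($options as $value => $label) {
             $selected = $currentWorkspace === $value ? ' selected="selected"' : '';
             $options[$value] = '<option value="' . htmlspecialchars((string) $value) . '"' . $selected . '>' . htmlspecialchars($label) . '</option>';
         }
     } else {
         $options[] = '<option value="-99">' . $LANG->getLL('shortcut_noWSfound', 1) . '</option>';
     }
     $selector = '';
     // Preview checkbox is only offered outside the live workspace (uid 0):
     if ($currentWorkspace !== 0) {
         $previewEnabled = (bool) $BE_USER->user['workspace_preview'];
         // The click handler toggles to the opposite of the current state. The handler's
         // terminating ";" belongs inside the attribute value, not after the closing quote.
         $selector .= '<label for="workspacePreview">Frontend Preview:</label> <input type="checkbox" name="workspacePreview" id="workspacePreview" onclick="changeWorkspacePreview(' . ($previewEnabled ? 0 : 1) . ');"' . ($previewEnabled ? ' checked="checked"' : '') . ' />&nbsp;';
     }
     $selector .= '<a href="mod/user/ws/index.php" target="content">' . t3lib_iconWorks::getSpriteIconForRecord('sys_workspace', array()) . '</a>';
     // A drop-down is only useful when there is more than one entry to choose from.
     if (count($options) > 1) {
         $selector .= '<select name="_workspaceSelector" onchange="changeWorkspace(this.options[this.selectedIndex].value);">' . implode('', $options) . '</select>';
     }
     return $selector;
 }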
 /**
  * Main function for Workspace Manager module.
  *
  * @return	void
  */
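 function main()
 {
     // Entry point of the Workspace Manager module: either applies a requested workspace
     // switch and emits a script that reloads the backend, or renders the module's
     // tabbed start page. The finished page is left in $this->content.
     global $LANG, $BE_USER, $BACK_PATH;
     // Initialised up front: the workspace-switch branch never fills these, yet both are
     // handed to moduleBody() below.
     $markers = array();
     $docHeaderButtons = array();
     // See if we need to switch workspace
     // NOTE(review): the switch is triggered by a plain GET parameter and no request token
     // is checked in this method, so unless one is enforced elsewhere a cross-site request
     // could change the logged-in user's workspace. Whether the user may enter the target
     // workspace is presumably validated inside setWorkspace() - confirm.
     $changeWorkspace = t3lib_div::_GET('changeWorkspace');
     if ($changeWorkspace != '') {
         $BE_USER->setWorkspace($changeWorkspace);
         $this->content .= $this->doc->wrapScriptTags('top.location.href="' . $BACK_PATH . t3lib_BEfunc::getBackendScript() . '";');
     } else {
         // Starting page:
         $this->content .= $this->doc->header($LANG->getLL('title'));
         $this->content .= $this->doc->spacer(5);
         // Get usernames and groupnames
         $be_group_Array = t3lib_BEfunc::getListGroupNames('title,uid');
         $groupArray = array_keys($be_group_Array);
         // Need 'admin' field for t3lib_iconWorks::getIconImage()
         $this->be_user_Array_full = $this->be_user_Array = t3lib_BEfunc::getUserNames('username,usergroup,usergroup_cached_list,uid,admin,workspace_perms');
         // Non-admins get the user list passed through blindUserNames() together with
         // the group uids collected above; the unfiltered list stays in be_user_Array_full.
         if (!$BE_USER->isAdmin()) {
             $this->be_user_Array = t3lib_BEfunc::blindUserNames($this->be_user_Array, $groupArray, 1);
         }
         // Build top menu:
         $menuItems = array();
         $menuItems[] = array('label' => $LANG->getLL('menuitem_review'), 'content' => $this->moduleContent_publish());
         $menuItems[] = array('label' => $LANG->getLL('menuitem_workspaces'), 'content' => $this->moduleContent_workspaceList());
         // Add hidden fields and create tabs:
         $content = $this->doc->getDynTabMenu($menuItems, 'user_ws');
         $this->content .= $this->doc->section('', $content, 0, 1);
         // Setting up the buttons and markers for docheader
         $docHeaderButtons = $this->getButtons();
         // $markers['CSH'] = $docHeaderButtons['csh'];
     }
     $markers['CONTENT'] = $this->content;
     // Build the <body> for the module
     $this->content = $this->doc->startPage($LANG->getLL('title'));
     $this->content .= $this->doc->moduleBody($this->pageinfo, $docHeaderButtons, $markers);
     $this->content .= $this->doc->endPage();
     $this->content = $this->doc->insertStylesAndJS($this->content);
 }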
    /**
     * Checks whether a username/password submission is present, or otherwise authenticates the user through the registered auth services
     *
     * @return	void
     * @internal
     */
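    function checkAuthentication()
    {
        // Decides whether the current request belongs to an authenticated user.
        // Flow: read submitted login/logout data -> handle logout -> validate an active
        // login (referer host, CLI user restriction) -> load the existing session ->
        // let 'auth' services find candidate users -> let 'auth' services authenticate
        // them -> create the session and log, or flag a login failure.
        // Side effects visible here: sets $this->loginFailure and
        // $this->loginSessionStarted, may call logoff(), createUserSession(), writelog(),
        // checkLogFailures() and may issue a redirect. Throws RuntimeException on a
        // referer host mismatch or a CLI user login outside a CLI request.

        // No user for now - will be searched by service below
        $tempuserArr = array();
        $tempuser = FALSE;
        // User is not authenticated by default
        $authenticated = FALSE;
        // User want to login with passed login data (name/password)
        $activeLogin = FALSE;
        // Indicates if an active authentication failed (not auto login)
        $this->loginFailure = FALSE;
        if ($this->writeDevLog) {
            t3lib_div::devLog('Login type: ' . $this->loginType, 't3lib_userAuth');
        }
        // The info array provide additional information for auth services
        $authInfo = $this->getAuthInfoArray();
        // Get Login/Logout data submitted by a form or params
        $loginData = $this->getLoginFormData();
        // Diagnostic copy of the login data with the 'uident' field masked. 'uident' is
        // presumably the submitted password or its derived response - it must not end up
        // in the developer log. The auth services still receive the untouched $loginData.
        $loginDataForLog = $loginData;
        if (is_array($loginDataForLog) && isset($loginDataForLog['uident'])) {
            $loginDataForLog['uident'] = '[redacted]';
        }
        if ($this->writeDevLog) {
            t3lib_div::devLog('Login data: ' . t3lib_div::arrayToLogString($loginDataForLog), 't3lib_userAuth');
        }
        // active logout (eg. with "logout" button)
        if ($loginData['status'] == 'logout') {
            if ($this->writeStdLog) {
                $this->writelog(255, 2, 0, 2, 'User %s logged out', array($this->user['username']));
            }
            // Logout written to log
            if ($this->writeDevLog) {
                t3lib_div::devLog('User logged out. Id: ' . $this->id, 't3lib_userAuth', -1);
            }
            $this->logoff();
        }
        // active login (eg. with login form)
        if ($loginData['status'] == 'login') {
            $activeLogin = TRUE;
            if ($this->writeDevLog) {
                t3lib_div::devLog('Active login (eg. with login form)', 't3lib_userAuth');
            }
            // check referer for submitted login values
            if ($this->formfield_status && $loginData['uident'] && $loginData['uname']) {
                $httpHost = t3lib_div::getIndpEnv('TYPO3_HOST_ONLY');
                // The login submission must originate from this host. The check is skipped
                // when getMethodEnabled is set or when doNotCheckReferer is configured, so
                // enabling either removes this cross-site login protection.
                if (!$this->getMethodEnabled && ($httpHost != $authInfo['refInfo']['host'] && !$GLOBALS['TYPO3_CONF_VARS']['SYS']['doNotCheckReferer'])) {
                    // The message carries HTML markup (<br />), and both host values are
                    // derived from request headers, so they are escaped before being embedded.
                    throw new RuntimeException('TYPO3 Fatal Error: Error: This host address ("' . htmlspecialchars($httpHost) . '") and the referer host ("' . htmlspecialchars($authInfo['refInfo']['host']) . '") mismatches!<br />
						It\'s possible that the environment variable HTTP_REFERER is not passed to the script because of a proxy.<br />
						The site administrator can disable this check in the "All Configuration" section of the Install Tool (flag: TYPO3_CONF_VARS[SYS][doNotCheckReferer]).', 1270853930);
                }
                // delete old user session if any
                $this->logoff();
            }
            // Refuse login for _CLI users, if not processing a CLI request type
            // (although we shouldn't be here in case of a CLI request type)
            if (strtoupper(substr($loginData['uname'], 0, 5)) == '_CLI_' && !(TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_CLI)) {
                throw new RuntimeException('TYPO3 Fatal Error: You have tried to login using a CLI user. Access prohibited!', 1270853931);
            }
        }
        // the following code makes auto-login possible (if configured). No submitted data needed
        // determine whether we need to skip session update.
        // This is used mainly for checking session timeout without
        // refreshing the session itself while checking.
        $skipSessionUpdate = (bool) t3lib_div::_GP('skipSessionUpdate');
        // re-read user session
        $authInfo['userSession'] = $this->fetchUserSession($skipSessionUpdate);
        $haveSession = is_array($authInfo['userSession']);
        if ($this->writeDevLog) {
            if ($haveSession) {
                t3lib_div::devLog('User session found: ' . t3lib_div::arrayToLogString($authInfo['userSession'], array($this->userid_column, $this->username_column)), 't3lib_userAuth', 0);
            }
            if (is_array($this->svConfig['setup'])) {
                t3lib_div::devLog('SV setup: ' . t3lib_div::arrayToLogString($this->svConfig['setup']), 't3lib_userAuth', 0);
            }
        }
        // fetch user if: an active login is in progress, OR there is no session and
        // "<loginType>_fetchUserIfNoSession" is set, OR "<loginType>_alwaysFetchUser" is set
        if ($activeLogin || (!$haveSession && $this->svConfig['setup'][$this->loginType . '_fetchUserIfNoSession']) || $this->svConfig['setup'][$this->loginType . '_alwaysFetchUser']) {
            // use 'auth' service to find the user
            // first found user will be used
            $serviceChain = '';
            $subType = 'getUser' . $this->loginType;
            // $serviceChain collects the keys of services already used and is handed back
            // to makeInstanceService() on each pass.
            while (is_object($serviceObj = t3lib_div::makeInstanceService('auth', $subType, $serviceChain))) {
                $serviceChain .= ',' . $serviceObj->getServiceKey();
                $serviceObj->initAuth($subType, $loginData, $authInfo, $this);
                if ($row = $serviceObj->getUser()) {
                    $tempuserArr[] = $row;
                    if ($this->writeDevLog) {
                        t3lib_div::devLog('User found: ' . t3lib_div::arrayToLogString($row, array($this->userid_column, $this->username_column)), 't3lib_userAuth', 0);
                    }
                    // user found, just stop to search for more if not configured to go on
                    if (!$this->svConfig['setup'][$this->loginType . '_fetchAllUsers']) {
                        break;
                    }
                }
                unset($serviceObj);
            }
            unset($serviceObj);
            if ($this->writeDevLog && $this->svConfig['setup'][$this->loginType . '_alwaysFetchUser']) {
                t3lib_div::devLog($this->loginType . '_alwaysFetchUser option is enabled', 't3lib_userAuth');
            }
            if ($this->writeDevLog && $serviceChain) {
                t3lib_div::devLog($subType . ' auth services called: ' . $serviceChain, 't3lib_userAuth');
            }
            if ($this->writeDevLog && !count($tempuserArr)) {
                t3lib_div::devLog('No user found by services', 't3lib_userAuth');
            }
            if ($this->writeDevLog && count($tempuserArr)) {
                t3lib_div::devLog(count($tempuserArr) . ' user records found by services', 't3lib_userAuth');
            }
        }
        // If no new user was set we use the already found user session
        if (!count($tempuserArr) && $haveSession) {
            $tempuserArr[] = $authInfo['userSession'];
            $tempuser = $authInfo['userSession'];
            // User is authenticated because we found a user session
            $authenticated = TRUE;
            if ($this->writeDevLog) {
                t3lib_div::devLog('User session used: ' . t3lib_div::arrayToLogString($authInfo['userSession'], array($this->userid_column, $this->username_column)), 't3lib_userAuth');
            }
        }
        // Re-auth user when 'auth'-service option is set
        if ($this->svConfig['setup'][$this->loginType . '_alwaysAuthUser']) {
            $authenticated = FALSE;
            if ($this->writeDevLog) {
                t3lib_div::devLog('alwaysAuthUser option is enabled', 't3lib_userAuth');
            }
        }
        // Authenticate the user if needed
        if (count($tempuserArr) && !$authenticated) {
            foreach ($tempuserArr as $tempuser) {
                // use 'auth' service to authenticate the user
                // if one service returns FALSE then authentication failed
                // a service might return 100 which means there's no reason to stop but the user can't be authenticated by that service
                if ($this->writeDevLog) {
                    // Log only the id and username columns, as the other user-record log
                    // calls in this method do, so the rest of the record (which may hold
                    // credential fields) stays out of the dev log.
                    t3lib_div::devLog('Auth user: ' . t3lib_div::arrayToLogString($tempuser, array($this->userid_column, $this->username_column)), 't3lib_userAuth');
                }
                $serviceChain = '';
                $subType = 'authUser' . $this->loginType;
                // Fails closed: if no auth service is available the loop body never runs
                // and $authenticated keeps its FALSE value.
                while (is_object($serviceObj = t3lib_div::makeInstanceService('auth', $subType, $serviceChain))) {
                    $serviceChain .= ',' . $serviceObj->getServiceKey();
                    $serviceObj->initAuth($subType, $loginData, $authInfo, $this);
                    if (($ret = $serviceObj->authUser($tempuser)) > 0) {
                        // if the service returns >=200 then no more checking is needed - useful for IP checking without password
                        if (intval($ret) >= 200) {
                            $authenticated = TRUE;
                            break;
                        } elseif (intval($ret) >= 100) {
                            // Just go on. User is still not authenticated but there's no reason to stop now.
                        } else {
                            // 1..99: authenticated by this service, but later services
                            // in the chain may still veto with a result <= 0.
                            $authenticated = TRUE;
                        }
                    } else {
                        // A result <= 0 is a hard rejection and ends the chain for this user.
                        $authenticated = FALSE;
                        break;
                    }
                    unset($serviceObj);
                }
                unset($serviceObj);
                if ($this->writeDevLog && $serviceChain) {
                    t3lib_div::devLog($subType . ' auth services called: ' . $serviceChain, 't3lib_userAuth');
                }
                if ($authenticated) {
                    // leave foreach() because a user is authenticated
                    break;
                }
            }
        }
        // If user is authenticated a valid user is in $tempuser
        if ($authenticated) {
            // reset failure flag
            $this->loginFailure = FALSE;
            // Insert session record if needed: skipped only when a session exists and it
            // already belongs to this session id or to this user.
            if (!($haveSession && ($tempuser['ses_id'] == $this->id || $tempuser['uid'] == $authInfo['userSession']['ses_userid']))) {
                $this->createUserSession($tempuser);
                // The login session is started.
                $this->loginSessionStarted = TRUE;
            }
            // User logged in - write that to the log!
            if ($this->writeStdLog && $activeLogin) {
                $this->writelog(255, 1, 0, 1, 'User %s logged in from %s (%s)', array($tempuser[$this->username_column], t3lib_div::getIndpEnv('REMOTE_ADDR'), t3lib_div::getIndpEnv('REMOTE_HOST')), '', '', '', -1, '', $tempuser['uid']);
            }
            if ($this->writeDevLog && $activeLogin) {
                t3lib_div::devLog('User ' . $tempuser[$this->username_column] . ' logged in from ' . t3lib_div::getIndpEnv('REMOTE_ADDR') . ' (' . t3lib_div::getIndpEnv('REMOTE_HOST') . ')', 't3lib_userAuth', -1);
            }
            if ($this->writeDevLog && !$activeLogin) {
                t3lib_div::devLog('User ' . $tempuser[$this->username_column] . ' authenticated from ' . t3lib_div::getIndpEnv('REMOTE_ADDR') . ' (' . t3lib_div::getIndpEnv('REMOTE_HOST') . ')', 't3lib_userAuth', -1);
            }
            // lockSSL == 3 for backend users: when the backend script was requested over
            // SSL, the user is sent on to the plain http:// address of the backend.
            // NOTE(review): after this redirect the authenticated session continues over
            // unencrypted HTTP; whether the session cookie is exposed depends on cookie
            // settings not visible here - confirm this mode is acceptable for the site.
            if ($GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSL'] == 3 && $this->user_table == 'be_users') {
                $requestStr = substr(t3lib_div::getIndpEnv('TYPO3_REQUEST_SCRIPT'), strlen(t3lib_div::getIndpEnv('TYPO3_SITE_URL') . TYPO3_mainDir));
                $backendScript = t3lib_BEfunc::getBackendScript();
                if ($requestStr == $backendScript && t3lib_div::getIndpEnv('TYPO3_SSL')) {
                    list(, $url) = explode('://', t3lib_div::getIndpEnv('TYPO3_SITE_URL'), 2);
                    list($server, $address) = explode('/', $url, 2);
                    // The configuration lives in $GLOBALS; a bare $TYPO3_CONF_VARS is an
                    // undefined local in this method, which left the port un-stripped.
                    $lockSSLPort = intval($GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSLPort']);
                    if ($lockSSLPort) {
                        $sslPortSuffix = ':' . $lockSSLPort;
                        // strip port from server
                        $server = str_replace($sslPortSuffix, '', $server);
                    }
                    t3lib_utility_Http::redirect('http://' . $server . '/' . $address . TYPO3_mainDir . $backendScript);
                }
            }
        } elseif ($activeLogin || count($tempuserArr)) {
            $this->loginFailure = TRUE;
            if ($this->writeDevLog && !count($tempuserArr) && $activeLogin) {
                // Uses the masked copy so a failed attempt does not record the credential.
                t3lib_div::devLog('Login failed: ' . t3lib_div::arrayToLogString($loginDataForLog), 't3lib_userAuth', 2);
            }
            if ($this->writeDevLog && count($tempuserArr)) {
                t3lib_div::devLog('Login failed: ' . t3lib_div::arrayToLogString($tempuser, array($this->userid_column, $this->username_column)), 't3lib_userAuth', 2);
            }
        }
        // If there were a login failure, check to see if a warning email should be sent:
        if ($this->loginFailure && $activeLogin) {
            if ($this->writeDevLog) {
                t3lib_div::devLog('Call checkLogFailures: ' . t3lib_div::arrayToLogString(array('warningEmail' => $this->warningEmail, 'warningPeriod' => $this->warningPeriod, 'warningMax' => $this->warningMax)), 't3lib_userAuth', -1);
            }
            $this->checkLogFailures($this->warningEmail, $this->warningPeriod, $this->warningMax);
        }
    }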
    /**
     * Creates the content for the "edit" section ("module") of the Admin Panel
     *
     * @return	string		HTML content for the section. Consists of a string with table-rows with four columns.
     * @see display()
     */
    protected function getEditModule()
    {
        // Renders the "edit" section of the Admin Panel: the section head is always
        // returned; the option checkboxes, the toolbar and the "open backend" link are
        // appended only while the section is switched on in the user's admin config.
        $html = $this->extGetHead('edit');
        $beUser = $GLOBALS['BE_USER'];
        if (!$beUser->uc['TSFE_adminConfig']['display_edit']) {
            return $html;
        }
        // A page module named in user TSconfig replaces the default one, but only if it
        // passes isModuleSetInTBE_MODULES(); anything else falls back to 'web_layout'.
        $overrideModule = trim($beUser->getTSConfigVal('options.overridePageModule'));
        $pageModule = 'web_layout';
        if (t3lib_BEfunc::isModuleSetInTBE_MODULES($overrideModule)) {
            $pageModule = $overrideModule;
        }
        $this->extNeedUpdate = true;
        // Each option is a hidden "0" field followed by a checkbox "1" field of the same
        // name, so an unticked box still submits a value.
        $optionKeys = array('edit_displayFieldIcons', 'edit_displayIcons', 'edit_editFormsOnPage', 'edit_editNoPopup');
        foreach ($optionKeys as $optionKey) {
            $fieldName = 'TSFE_ADMIN_PANEL[' . $optionKey . ']';
            $checkedAttribute = $beUser->uc['TSFE_adminConfig'][$optionKey] ? ' checked="checked"' : '';
            $html .= $this->extGetItem($optionKey, '', '<input type="hidden" name="' . $fieldName . '" value="0" /><input type="checkbox" name="' . $fieldName . '" value="1"' . $checkedAttribute . ' />');
        }
        $html .= $this->extGetItem('', $this->ext_makeToolBar());
        // No "open backend" link while the ADMCMD_view parameter is present.
        if (t3lib_div::_GP('ADMCMD_view')) {
            return $html;
        }
        // Click handler: reuse the opener's backend window when there is one, otherwise
        // open the backend in a window named after a hash of the site name. The page uid
        // is forced to an integer and $pageModule is one of the values checked above;
        // the whole handler is HTML-escaped below for use inside the attribute.
        $onClick = '
						if (parent.opener && parent.opener.top && parent.opener.top.TS) {
							parent.opener.top.fsMod.recentIds["web"]=' . intval($GLOBALS['TSFE']->page['uid']) . ';
							if (parent.opener.top.content && parent.opener.top.content.nav_frame && parent.opener.top.content.nav_frame.refresh_nav) {
								parent.opener.top.content.nav_frame.refresh_nav();
							}
							parent.opener.top.goToModule("' . $pageModule . '");
							parent.opener.top.focus();
						} else {
							vHWin=window.open(\'' . TYPO3_mainDir . t3lib_BEfunc::getBackendScript() . '\',\'' . md5('Typo3Backend-' . $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename']) . '\',\'status=1,menubar=1,scrollbars=1,resizable=1\');
							vHWin.focus();
						}
						return false;
						';
        $link = '<a href="#" onclick="' . htmlspecialchars($onClick) . '">' . $this->extGetLL('edit_openAB') . '</a>';
        $html .= $this->extGetItem('', $link);
        return $html;
    }