Example #1
 /**
  * Render the debug bar
  */
 public static function render()
 {
     // Debug bar markup is only injected for clients whose address matches
     // SYS/devIPmask; every other request leaves the page content untouched.
     // NOTE(review): the address comes from getIndpEnv('REMOTE_ADDR'), so its
     // trustworthiness depends on how that helper treats proxy headers. Confirm
     // the reverse-proxy settings and keep devIPmask as narrow as possible.
     $clientIp = \TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('REMOTE_ADDR');
     $devIpMask = $GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask'];
     if (!\TYPO3\CMS\Core\Utility\GeneralUtility::cmpIP($clientIp, $devIpMask)) {
         return;
     }

     $renderer = $GLOBALS['debugbar']->getJavascriptRenderer();
     $renderer->setBaseUrl('typo3conf/ext/typo3profiler/Classes/Lib/DebugBar/vendor/maximebf/debugbar/src/DebugBar/Resources')->setEnableJqueryNoConflict(false);

     // Collect the individual panels before the bar itself is rendered.
     self::renderPhp();
     self::renderPage();
     self::renderTyposcript();
     // renderContents() is intentionally left disabled, as in the original code.

     // str_replace() rewrites every occurrence of the closing tag, not only the last one.
     $headMarkup = $renderer->renderHead() . '</head>';
     $GLOBALS['TSFE']->content = str_replace('</head>', $headMarkup, $GLOBALS['TSFE']->content);
     $bodyMarkup = $renderer->render() . '</body>';
     $GLOBALS['TSFE']->content = str_replace('</body>', $bodyMarkup, $GLOBALS['TSFE']->content);
 }
 /**
  * Find user which matches provided ip
  *
  * @param $userIp
  * @return array|bool
  */
 protected function findUserByIp($userIp)
 {
     // The first configuration whose IP pattern matches wins; later entries are
     // never consulted. The match alone selects the account, so the caller is
     // effectively authenticating by network location.
     // NOTE(review): confirm where $userIp originates (socket address vs. a
     // forwarded header) before relying on this for access decisions.
     foreach ($this->ipConfigurations as $entry) {
         $feUserUid = $entry['feusers'];
         // Skip entries that do not point at a valid user ID.
         if (!($feUserUid > 0)) {
             continue;
         }
         if (!GeneralUtility::cmpIP($userIp, $entry['ip'])) {
             continue;
         }
         // Load the raw user record for the matched entry.
         return $this->pObj->getRawUserByUid($feUserUid);
     }

     return FALSE;
 }
Example #3
/**
 * Outputs debug information for a variable, but only to clients matching SYS/devIPmask.
 *
 * When $GLOBALS['error'] is an object with a callable debug() method, all arguments
 * are forwarded to it. Otherwise the call falls back to DebugUtility::debug(), which
 * receives only the variable, a title and a group; $file, $recursiveDepth and
 * $debugLevel are not used on that path.
 *
 * @param mixed $variable Value to inspect
 * @param string $name Title; the placeholder '*variable*' is mapped to an empty title
 * @param mixed $line Group label; the placeholder '*line*' is mapped to null
 * @param string $file Forwarded to the custom handler only
 * @param int $recursiveDepth Forwarded to the custom handler only
 * @param int $debugLevel Forwarded to the custom handler only
 * @return void
 */
function debug($variable = '', $name = '*variable*', $line = '*line*', $file = '*file*', $recursiveDepth = 3, $debugLevel = E_DEBUG)
{
    // No output at all unless the client address matches the configured IP mask
    // in TYPO3_CONF_VARS; edit that mask if debug() appears to do nothing.
    // NOTE(review): debug dumps can contain sensitive data, so keep devIPmask narrow.
    $remoteAddress = \TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('REMOTE_ADDR');
    $devIpMask = $GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask'];
    $clientMayDebug = \TYPO3\CMS\Core\Utility\GeneralUtility::cmpIP($remoteAddress, $devIpMask);
    if (!$clientMayDebug) {
        return;
    }

    $hasCustomHandler = is_object($GLOBALS['error']) && @is_callable([$GLOBALS['error'], 'debug']);
    if ($hasCustomHandler) {
        $GLOBALS['error']->debug($variable, $name, $line, $file, $recursiveDepth, $debugLevel);
        return;
    }

    // Translate the placeholder defaults into what DebugUtility expects.
    if ($name === '*variable*') {
        $title = '';
    } else {
        $title = $name;
    }
    if ($line === '*line*') {
        $group = null;
    } else {
        $group = $line;
    }
    \TYPO3\CMS\Core\Utility\DebugUtility::debug($variable, $title, $group);
}
 /**
  * Find usergroup records, currently only for frontend
  *
  * @param array $user Data of user.
  * @param array $knownGroups Group data array of already known groups. This is handy if you want select other related groups. Keys in this array are unique IDs of those groups.
  * @return mixed Groups array, keys = uid which must be unique
  */
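 public function getGroups($user, $knownGroups)
 {
     /*
      * Attention: $knownGroups is not used within this method, but other services can use it.
      * This parameter should not be removed!
      * The FrontendUserAuthentication call getGroups and handover the previous detected groups.
      */
     $groupDataArr = array();
     if ($this->mode === 'getGroupsFE') {
         $groups = array();
         if (is_array($user) && $user[$this->db_user['usergroup_column']]) {
             $groupList = $user[$this->db_user['usergroup_column']];
             $this->getSubGroups($groupList, '', $groups);
         }
         // ADD group-numbers if the IPmask matches. Membership granted here depends
         // only on the client address, so the configured masks should be as narrow as possible.
         if (is_array($GLOBALS['TYPO3_CONF_VARS']['FE']['IPmaskMountGroups'])) {
             foreach ($GLOBALS['TYPO3_CONF_VARS']['FE']['IPmaskMountGroups'] as $IPel) {
                 if ($this->authInfo['REMOTE_ADDR'] && $IPel[0] && GeneralUtility::cmpIP($this->authInfo['REMOTE_ADDR'], $IPel[0])) {
                     $groups[] = (int) $IPel[1];
                 }
             }
         }
         // The IDs are concatenated into the IN (...) list below, so force every
         // entry to an integer regardless of what getSubGroups() collected.
         $groups = array_unique(array_map('intval', $groups));
         if (!empty($groups)) {
             $list = implode(',', $groups);
             if ($this->writeDevLog) {
                 GeneralUtility::devLog('Get usergroups with id: ' . $list, __CLASS__);
             }
             $databaseConnection = $this->getDatabaseConnection();
             // HTTP_HOST is taken from the request, so it is quoted and escaped by the
             // database layer instead of being placed between hand-written quotes.
             $quotedHost = $databaseConnection->fullQuoteStr($this->authInfo['HTTP_HOST'], $this->db_groups['table']);
             $lockToDomain_SQL = ' AND (lockToDomain=\'\' OR lockToDomain IS NULL OR lockToDomain=' . $quotedHost . ')';
             $hiddenP = !$this->authInfo['showHiddenRecords'] ? 'AND hidden=0 ' : '';
             $res = $databaseConnection->exec_SELECTquery('*', $this->db_groups['table'], 'deleted=0 ' . $hiddenP . ' AND uid IN (' . $list . ')' . $lockToDomain_SQL);
             // Index the result by uid so every group appears once.
             while ($row = $databaseConnection->sql_fetch_assoc($res)) {
                 $groupDataArr[$row['uid']] = $row;
             }
             if ($res) {
                 $databaseConnection->sql_free_result($res);
             }
         } else {
             if ($this->writeDevLog) {
                 GeneralUtility::devLog('No usergroups found.', AuthenticationService::class, 2);
             }
         }
     }
     return $groupDataArr;
 }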
 /**
  * If TYPO3_CONF_VARS['BE']['enabledBeUserIPLock'] is enabled and
  * an IP-list is found in the User TSconfig objString "options.lockToIP",
  * then make an IP comparison with REMOTE_ADDR and return the outcome (TRUE/FALSE)
  *
  * @return boolean TRUE, if IP address validates OK (or no check is done at all)
  * @todo Define visibility
  */
 public function checkLockToIP()
 {
     // The check is opt-in twice over: the global switch must be on AND the user
     // must have a non-empty options.lockToIP list. In every other case the method
     // reports success with the integer 1 (not boolean TRUE), i.e. it does not restrict.
     if (!$GLOBALS['TYPO3_CONF_VARS']['BE']['enabledBeUserIPLock']) {
         return 1;
     }

     $allowedIps = $this->getTSConfigVal('options.lockToIP');
     if (!trim($allowedIps)) {
         return 1;
     }

     // NOTE(review): the result is only as reliable as the REMOTE_ADDR value that
     // getIndpEnv() reports; confirm reverse-proxy handling in the deployment.
     $clientIp = GeneralUtility::getIndpEnv('REMOTE_ADDR');
     return GeneralUtility::cmpIP($clientIp, $allowedIps);
 }
 /**
  * Executes a SQL statement and, when profiling applies to it, records timing and caller details.
  *
  * The statement text is stored verbatim in the profiling record and, for clients
  * matching SYS/devIPmask, written to the debug bar. Queries can carry sensitive
  * values, so both sinks should be treated as confidential.
  *
  * @param string $query SQL statement, passed to the driver unchanged
  * @param mixed $type Query type, handed to isProfiling() and stored in the record
  * @return mixed Whatever the underlying driver call returned
  */
 public function execAndProfileQuery($query, $type)
 {
     if (empty($GLOBALS['TYPO3_DB']->mysqlprofilerConf['excludeTables'])) {
         $this->init();
     }
     $profileThisQuery = $this->isProfiling($query, $type);
     if ($profileThisQuery) {
         $startedAt = microtime(true);
     }

     // Run the statement through the driver that matches the TYPO3 version.
     if (Typo3profiler_Utility_Compatibility::intFromVer(TYPO3_version) > 6000000) {
         if (!$this->isConnected) {
             $this->connectDB();
         }
         $res = $this->link->query($query);
     } else {
         $res = mysql_query($query, $this->link);
     }

     if (!$profileThisQuery) {
         return $res;
     }

     // Elapsed time in milliseconds.
     $elapsedMs = round((microtime(true) - $startedAt) * 1000, 8);

     // Pick the backtrace depth: 3 when no frontend page id is set, otherwise 2;
     // backend mode always uses depth 3.
     $callerDepth = $GLOBALS['TSFE']->id == 0 ? 3 : 2;
     $caller = $this->get_caller_method($callerDepth);
     if (TYPO3_MODE == 'BE') {
         $caller = $this->get_caller_method(3);
     }

     $record = array(
         'type' => $type,
         'query' => $query,
         'time' => $elapsedMs,
         'backtrace' => $caller,
         'typo3mode' => TYPO3_MODE,
         'page' => $GLOBALS['TSFE']->id !== null ? $GLOBALS['TSFE']->id : '',
     );

     // Only developer IPs get the query echoed into the debug bar.
     if ($GLOBALS['TYPO3_DB']->mysqlprofilerConf['debugbarenabled'] == 1 && \TYPO3\CMS\Core\Utility\GeneralUtility::cmpIP(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('REMOTE_ADDR'), $GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask'])) {
         $GLOBALS['debugbar']['queries']->info('[' . $elapsedMs . '] ' . $query . ' --> ' . $caller['file'] . ' @ ' . $caller['line'] . ' : ' . $caller['function']);
     }

     $this->profiledQueries[] = $record;
     if (TYPO3_MODE == 'BE') {
         $this->cleanSqlLog();
         $this->insertSqlLog($record);
     }

     return $res;
 }
Example #7
 /**
  * Checks if the current client ip is allowed.
  *
  * @param string $whitelist
  *   The ip whitelist.
  *
  * @return bool
  *   Whether the current client ip is allowed or not.
  */
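 public function isAllowedIp($whitelist)
 {
     // A missing REMOTE_ADDR (e.g. outside a web request) is treated as an empty
     // address instead of raising a notice.
     $remote = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
     // Use TYPO3 v6+ cmpIP if possible.
     if (is_callable(array('TYPO3\\CMS\\Core\\Utility\\GeneralUtility', 'cmpIP'))) {
         return \TYPO3\CMS\Core\Utility\GeneralUtility::cmpIP($remote, $whitelist);
     }
     // Use TYPO3 v6- cmpIP if possible.
     if (is_callable(array('t3lib_div', 'cmpIP'))) {
         return \t3lib_div::cmpIP($remote, $whitelist);
     }
     // Fallback to the Chin Leung implementation.
     // @author Chin Leung
     // @see https://stackoverflow.com/questions/35559119/php-ip-address-whitelist-with-wildcards

     // Fail closed: an empty client address must never satisfy the list. Without
     // this guard an empty whitelist, or one with a trailing comma, produced an
     // empty entry that compared equal to the empty address.
     if ($remote === '') {
         return false;
     }

     foreach (explode(',', (string) $whitelist) as $entry) {
         // Entries are trimmed for both comparisons, so "a, b" behaves like "a,b".
         $entry = trim($entry);
         if ($entry === '') {
             continue;
         }
         // Exact match, compared strictly as strings.
         if ($entry === $remote) {
             return true;
         }
         // Wildcard match: everything before the first "*" must be a prefix of the
         // client address and nothing may follow the "*". This is a plain string
         // prefix, not an octet match: "10.1*" also covers 10.10.x.x to 10.19.x.x,
         // so patterns should end on an octet boundary such as "10.1.*".
         $wildcardPos = strpos($entry, '*');
         if ($wildcardPos !== false && substr($remote, 0, $wildcardPos) . '*' === $entry) {
             return true;
         }
     }

     return false;
 }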
 /**
  * Explain select queries
  * If $this->explainOutput is set, SELECT queries will be explained here. Only queries with more than one possible result row will be displayed.
  * The output is either printed as raw HTML output or embedded into the TS admin panel (checkbox must be enabled!)
  *
  * @todo Feature is not DBAL-compliant
  *
  * @param string $query SQL query
  * @param string $from_table Table(s) from which to select. This is what comes right after "FROM ...". Required value.
  * @param int $row_count Number of resulting rows
  * @return bool TRUE if explain was run, FALSE otherwise
  */
 protected function explain($query, $from_table, $row_count)
 {
     // Output mode 2 is restricted to clients matching SYS/devIPmask.
     $debugAllowedForIp = GeneralUtility::cmpIP(GeneralUtility::getIndpEnv('REMOTE_ADDR'), $GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask']);
     // Precedence: && binds tighter than ||, so this reads
     // "mode 1, or (mode 2 and developer IP)". Mode 1 therefore prints the
     // EXPLAIN data for every client, regardless of devIPmask.
     if ((int) $this->explainOutput == 1 || (int) $this->explainOutput == 2 && $debugAllowedForIp) {
         // Raw HTML output
         $explainMode = 1;
     } elseif ((int) $this->explainOutput == 3 && is_object($GLOBALS['TT'])) {
         // Embed the output into the TS admin panel
         $explainMode = 2;
     } else {
         return false;
     }
     // Capture the error state of the original query before further queries are issued.
     $error = $this->sql_error();
     $trail = \TYPO3\CMS\Core\Utility\DebugUtility::debugTrail();
     $explain_tables = array();
     $explain_output = array();
     // The original statement is re-sent to the server prefixed with EXPLAIN.
     $res = $this->sql_query('EXPLAIN ' . $query, $this->link);
     if (is_a($res, '\\mysqli_result')) {
         while ($tempRow = $this->sql_fetch_assoc($res)) {
             $explain_output[] = $tempRow;
             $explain_tables[] = $tempRow['table'];
         }
         $this->sql_free_result($res);
     }
     $indices_output = array();
     // Notice: Rows are skipped if there is only one result, or if no conditions are set
     // NOTE(review): if EXPLAIN returned no rows, $explain_output is empty and
     // index 0 is read without being set.
     if ($explain_output[0]['rows'] > 1 || GeneralUtility::inList('ALL', $explain_output[0]['type'])) {
         // Only enable output if it's really useful
         $debug = true;
         foreach ($explain_tables as $table) {
             // NOTE(review): $table is the "table" column of the EXPLAIN result and is
             // concatenated into the next two statements without quoting or escaping.
             // Confirm it can only ever hold real table names here.
             $tableRes = $this->sql_query('SHOW TABLE STATUS LIKE \'' . $table . '\'');
             $isTable = $this->sql_num_rows($tableRes);
             if ($isTable) {
                 $res = $this->sql_query('SHOW INDEX FROM ' . $table, $this->link);
                 if (is_a($res, '\\mysqli_result')) {
                     while ($tempRow = $this->sql_fetch_assoc($res)) {
                         $indices_output[] = $tempRow;
                     }
                     $this->sql_free_result($res);
                 }
             }
             $this->sql_free_result($tableRes);
         }
     } else {
         $debug = false;
     }
     if ($debug) {
         // $explainMode is always 1 or 2 at this point; every other case returned above.
         if ($explainMode) {
             // The payload holds the full query text, the call trail and any SQL error.
             $data = array();
             $data['query'] = $query;
             $data['trail'] = $trail;
             $data['row_count'] = $row_count;
             if ($error) {
                 $data['error'] = $error;
             }
             if (!empty($explain_output)) {
                 $data['explain'] = $explain_output;
             }
             if (!empty($indices_output)) {
                 $data['indices'] = $indices_output;
             }
             if ($explainMode == 1) {
                 \TYPO3\CMS\Core\Utility\DebugUtility::debug($data, 'Tables: ' . $from_table, 'DB SQL EXPLAIN');
             } elseif ($explainMode == 2) {
                 $GLOBALS['TT']->setTSselectQuery($data);
             }
         }
         return true;
     }
     return false;
 }
 /**
  * Returns a link to the BE login screen with redirect to the front-end
  *
  * @return string HTML, a tag for a link to the backend.
  * @todo Define visibility
  */
 public function beLoginLinkIPList()
 {
     // Nothing is rendered unless an IP list is configured and the client matches it.
     // All three exits without a link return null implicitly, as before.
     if (empty($this->config['config']['beLoginLinkIPList'])) {
         return;
     }
     $clientIp = \TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('REMOTE_ADDR');
     if (!\TYPO3\CMS\Core\Utility\GeneralUtility::cmpIP($clientIp, $this->config['config']['beLoginLinkIPList'])) {
         return;
     }

     // Pick the label for the current state: "login" when no backend user is
     // logged in, "logout" otherwise.
     if (!$this->beUserLogin) {
         $label = $this->config['config']['beLoginLinkIPList_login'];
     } else {
         $label = $this->config['config']['beLoginLinkIPList_logout'];
     }
     if (!$label) {
         return;
     }

     // The current request URI is URL-encoded into redirect_url and the complete
     // href is HTML-escaped.
     // NOTE(review): $label is emitted as raw HTML; this assumes the configuration
     // value is trusted markup. Confirm who can edit it.
     if (!$this->beUserLogin) {
         $target = TYPO3_mainDir . 'index.php?redirect_url=' . rawurlencode(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('REQUEST_URI'));
     } else {
         $target = TYPO3_mainDir . 'index.php?L=OUT&redirect_url=' . rawurlencode(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('REQUEST_URI'));
     }

     return '<a href="' . htmlspecialchars($target) . '">' . $label . '</a>';
 }
 /**
  * Handles a frontend request
  *
  * @param \Psr\Http\Message\ServerRequestInterface $request
  * @return NULL|\Psr\Http\Message\ResponseInterface
  */
 public function handleRequest(\Psr\Http\Message\ServerRequestInterface $request)
 {
     // Stays null unless content is actually sent (see $sendTSFEContent below).
     $response = null;
     $this->request = $request;
     $this->initializeTimeTracker();
     // Hook to preprocess the current request:
     // Every callable registered in the configuration array runs here, before
     // the controller exists and before any access check in this method.
     if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/index_ts.php']['preprocessRequest'])) {
         foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/index_ts.php']['preprocessRequest'] as $hookFunction) {
             $hookParameters = array();
             GeneralUtility::callUserFunction($hookFunction, $hookParameters, $hookParameters);
         }
         unset($hookFunction);
         unset($hookParameters);
     }
     $this->initializeController();
     // Forced maintenance mode: only clients matching SYS/devIPmask get past this point.
     // NOTE(review): the bypass relies on the REMOTE_ADDR value from getIndpEnv();
     // confirm reverse-proxy handling and keep devIPmask narrow.
     if ($GLOBALS['TYPO3_CONF_VARS']['FE']['pageUnavailable_force'] && !GeneralUtility::cmpIP(GeneralUtility::getIndpEnv('REMOTE_ADDR'), $GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask'])) {
         $this->controller->pageUnavailableAndExit('This page is temporarily unavailable.');
     }
     $this->controller->connectToDB();
     $this->controller->sendRedirect();
     // Output compression
     // Remove any output produced until now
     $this->bootstrap->endOutputBufferingAndCleanPreviousOutput();
     $this->initializeOutputCompression();
     // Initializing the Frontend User
     $this->timeTracker->push('Front End user initialized', '');
     $this->controller->initFEuser();
     $this->timeTracker->pull();
     // Initializing a possible logged-in Backend User
     /** @var $GLOBALS['BE_USER'] \TYPO3\CMS\Backend\FrontendBackendUserAuthentication */
     $GLOBALS['BE_USER'] = $this->controller->initializeBackendUser();
     // Process the ID, type and other parameters.
     // After this point we have an array, $page in TSFE, which is the page-record
     // of the current page, $id.
     $this->timeTracker->push('Process ID', '');
     // Initialize admin panel since simulation settings are required here:
     if ($this->controller->isBackendUserLoggedIn()) {
         $GLOBALS['BE_USER']->initializeAdminPanel();
         $this->bootstrap->initializeBackendRouter()->loadExtensionTables();
     } else {
         $this->bootstrap->loadCachedTca();
     }
     $this->controller->checkAlternativeIdMethods();
     $this->controller->clear_preview();
     $this->controller->determineId();
     // Now, if there is a backend user logged in and he has NO access to this page,
     // then re-evaluate the id shown! _GP('ADMCMD_noBeUser') is placed here because
     // \TYPO3\CMS\Version\Hook\PreviewHook might need to know if a backend user is logged in.
     // The request parameter can only drop the backend user for this request;
     // it never adds one.
     if ($this->controller->isBackendUserLoggedIn() && (!$GLOBALS['BE_USER']->extPageReadAccess($this->controller->page) || GeneralUtility::_GP('ADMCMD_noBeUser'))) {
         // Remove user
         unset($GLOBALS['BE_USER']);
         $this->controller->beUserLogin = false;
         // Re-evaluate the page-id.
         $this->controller->checkAlternativeIdMethods();
         $this->controller->clear_preview();
         $this->controller->determineId();
     }
     $this->controller->makeCacheHash();
     $this->timeTracker->pull();
     // Admin Panel & Frontend editing
     if ($this->controller->isBackendUserLoggedIn()) {
         $GLOBALS['BE_USER']->initializeFrontendEdit();
         if ($GLOBALS['BE_USER']->adminPanel instanceof AdminPanelView) {
             $this->bootstrap->initializeLanguageObject();
         }
         if ($GLOBALS['BE_USER']->frontendEdit instanceof FrontendEditingController) {
             $GLOBALS['BE_USER']->frontendEdit->initConfigOptions();
         }
     }
     // Starts the template
     $this->timeTracker->push('Start Template', '');
     $this->controller->initTemplate();
     $this->timeTracker->pull();
     // Get from cache
     $this->timeTracker->push('Get Page from cache', '');
     $this->controller->getFromCache();
     $this->timeTracker->pull();
     // Get config if not already gotten
     // After this, we should have a valid config-array ready
     $this->controller->getConfigArray();
     // Setting language and locale
     $this->timeTracker->push('Setting language and locale', '');
     $this->controller->settingLanguage();
     $this->controller->settingLocale();
     $this->timeTracker->pull();
     // Convert POST data to utf-8 for internal processing if metaCharset is different
     $this->controller->convPOSTCharset();
     $this->controller->initializeRedirectUrlHandlers();
     $this->controller->handleDataSubmission();
     // Check for shortcut page and redirect
     $this->controller->checkPageForShortcutRedirect();
     $this->controller->checkPageForMountpointRedirect();
     // Generate page
     $this->controller->setUrlIdToken();
     $this->timeTracker->push('Page generation', '');
     if ($this->controller->isGeneratePage()) {
         $this->controller->generatePage_preProcessing();
         $temp_theScript = $this->controller->generatePage_whichScript();
         if ($temp_theScript) {
             // NOTE(review): the included path is whatever generatePage_whichScript()
             // returns; confirm it can only come from trusted configuration.
             include $temp_theScript;
         } else {
             PageGenerator::pagegenInit();
             // Global content object
             $this->controller->newCObj();
             // Content generation
             if (!$this->controller->isINTincScript()) {
                 PageGenerator::renderContent();
                 $this->controller->setAbsRefPrefix();
             }
         }
         $this->controller->generatePage_postProcessing();
     } elseif ($this->controller->isINTincScript()) {
         PageGenerator::pagegenInit();
         // Global content object
         $this->controller->newCObj();
     }
     $this->controller->releaseLocks();
     $this->timeTracker->pull();
     // Render non-cached parts
     if ($this->controller->isINTincScript()) {
         $this->timeTracker->push('Non-cached objects', '');
         $this->controller->INTincScript();
         $this->timeTracker->pull();
     }
     // Output content
     $sendTSFEContent = false;
     if ($this->controller->isOutputting()) {
         $this->timeTracker->push('Print Content', '');
         $this->controller->processOutput();
         $sendTSFEContent = true;
         $this->timeTracker->pull();
     }
     // Store session data for fe_users
     $this->controller->storeSessionData();
     // Statistics
     $GLOBALS['TYPO3_MISC']['microtime_end'] = microtime(true);
     $this->controller->setParseTime();
     // The page-level config['debug'] setting, when present, overrides the global FE debug flag.
     if (isset($this->controller->config['config']['debug'])) {
         $debugParseTime = (bool) $this->controller->config['config']['debug'];
     } else {
         $debugParseTime = !empty($this->controller->TYPO3_CONF_VARS['FE']['debug']);
     }
     // With debugging on, the parse time is appended as an HTML comment that every visitor can read.
     if ($this->controller->isOutputting() && $debugParseTime) {
         $this->controller->content .= LF . '<!-- Parsetime: ' . $this->controller->scriptParseTime . 'ms -->';
     }
     $this->controller->redirectToExternalUrl();
     // Preview info
     $this->controller->previewInfo();
     // Hook for end-of-frontend
     $this->controller->hook_eofe();
     // Finish timetracking
     $this->timeTracker->pull();
     // Check memory usage
     MonitorUtility::peakMemoryUsage();
     // beLoginLinkIPList
     // Written with echo, i.e. directly to the output and not into the response body built below.
     echo $this->controller->beLoginLinkIPList();
     // Admin panel
     if ($this->controller->isBackendUserLoggedIn() && $GLOBALS['BE_USER'] instanceof FrontendBackendUserAuthentication) {
         if ($GLOBALS['BE_USER']->extAdmEnabled) {
             // Style sheet is also used for frontend editing.
             // str_ireplace() rewrites every case-insensitive occurrence of the closing tag.
             $this->controller->content = str_ireplace('</head>', $GLOBALS['BE_USER']->adminPanel->getAdminPanelHeaderData() . '</head>', $this->controller->content);
         }
         if ($GLOBALS['BE_USER']->isAdminPanelVisible()) {
             $this->controller->content = str_ireplace('</body>', $GLOBALS['BE_USER']->displayAdminPanel() . '</body>', $this->controller->content);
         }
     }
     if ($sendTSFEContent) {
         /** @var \TYPO3\CMS\Core\Http\Response $response */
         $response = GeneralUtility::makeInstance(\TYPO3\CMS\Core\Http\Response::class);
         $response->getBody()->write($this->controller->content);
     }
     // Debugging Output
     // Runs whenever $GLOBALS['error'] offers a callable debugOutput(); there is no IP check on this path.
     if (isset($GLOBALS['error']) && is_object($GLOBALS['error']) && @is_callable(array($GLOBALS['error'], 'debugOutput'))) {
         $GLOBALS['error']->debugOutput();
     }
     if (TYPO3_DLOG) {
         GeneralUtility::devLog('END of FRONTEND session', 'cms', 0, array('_FLUSH' => true));
     }
     return $response;
 }
 /**
  * Find usergroup records, currently only for frontend
  *
  * @param array $user Data of user.
  * @param array $knownGroups Group data array of already known groups. This is handy if you want select other related groups. Keys in this array are unique IDs of those groups.
  * @return mixed Groups array, keys = uid which must be unique
  * @todo Define visibility
  */
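 public function getGroups($user, $knownGroups)
 {
     // $knownGroups is not read here; it stays in the signature because callers pass it.
     global $TYPO3_CONF_VARS;
     $groupDataArr = array();
     if ($this->mode == 'getGroupsFE') {
         $groups = array();
         if (is_array($user) && $user[$this->db_user['usergroup_column']]) {
             $groupList = $user[$this->db_user['usergroup_column']];
             $this->getSubGroups($groupList, '', $groups);
         }
         // ADD group-numbers if the IPmask matches. Membership granted here depends
         // only on the client address, so the configured masks should be as narrow as possible.
         if (is_array($TYPO3_CONF_VARS['FE']['IPmaskMountGroups'])) {
             foreach ($TYPO3_CONF_VARS['FE']['IPmaskMountGroups'] as $IPel) {
                 if ($this->authInfo['REMOTE_ADDR'] && $IPel[0] && \TYPO3\CMS\Core\Utility\GeneralUtility::cmpIP($this->authInfo['REMOTE_ADDR'], $IPel[0])) {
                     $groups[] = (int) $IPel[1];
                 }
             }
         }
         // The IDs are concatenated into the IN (...) list below, so force every
         // entry to an integer regardless of what getSubGroups() collected.
         $groups = array_unique(array_map('intval', $groups));
         if (count($groups)) {
             $list = implode(',', $groups);
             if ($this->writeDevLog) {
                 \TYPO3\CMS\Core\Utility\GeneralUtility::devLog('Get usergroups with id: ' . $list, 'TYPO3\\CMS\\Sv\\AuthenticationService');
             }
             // HTTP_HOST is taken from the request, so it is quoted and escaped by the
             // database layer instead of being placed between hand-written quotes.
             $quotedHost = $GLOBALS['TYPO3_DB']->fullQuoteStr($this->authInfo['HTTP_HOST'], $this->db_groups['table']);
             $lockToDomain_SQL = ' AND (lockToDomain=\'\' OR lockToDomain IS NULL OR lockToDomain=' . $quotedHost . ')';
             // Always defined: previously this variable was unset when hidden records
             // were requested and was still concatenated into the WHERE clause.
             $hiddenP = '';
             if (!$this->authInfo['showHiddenRecords']) {
                 $hiddenP = 'AND hidden=0 ';
             }
             $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery('*', $this->db_groups['table'], 'deleted=0 ' . $hiddenP . ' AND uid IN (' . $list . ')' . $lockToDomain_SQL);
             // Index the result by uid so every group appears once.
             while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
                 $groupDataArr[$row['uid']] = $row;
             }
             if ($res) {
                 $GLOBALS['TYPO3_DB']->sql_free_result($res);
             }
         } else {
             if ($this->writeDevLog) {
                 \TYPO3\CMS\Core\Utility\GeneralUtility::devLog('No usergroups found.', 'TYPO3\\CMS\\Sv\\AuthenticationService', 2);
             }
         }
     } elseif ($this->mode == 'getGroupsBE') {
         // Backend groups are not handled by this service; the result stays empty.
     }
     return $groupDataArr;
 }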
 /**
  * Authenticate a user
  * Return 200 if the IP is right. This means that no more checks are needed. Otherwise authentication may fail because we may not have a password.
  *
  * @param    array     Data of user.
  * @return    boolean
  */
 function authUser($user)
 {
     // Default: this service has no objection, later services decide.
     $status = self::STATUS_AUTHENTICATION_SUCCESS_CONTINUE;

     // Any automatic IP login option set?
     // NOTE(review): a matching address ends authentication with success and no
     // password check in this method; confirm that getClientIp() cannot be
     // influenced through client-supplied headers.
     $ipAuthMode = $user['tx_pxipauth_mode'];
     if ($ipAuthMode > 0) {
         $allowedIps = trim($user['tx_pxipauth_ip_list']);
         $autoOnly = $ipAuthMode == self::LOGIN_MODE_AUTO_ONLY;
         // "Auto only" is always evaluated, even with an empty list; the other
         // modes are evaluated only when a list is present.
         if ($autoOnly || $allowedIps) {
             $ipMatches = \TYPO3\CMS\Core\Utility\GeneralUtility::cmpIP($this->getClientIp(), $allowedIps);
             if ($ipMatches) {
                 $status = self::STATUS_AUTHENTICATION_SUCCESS_BREAK;
             } elseif ($autoOnly) {
                 $status = self::STATUS_AUTHENTICATION_FAILURE_BREAK;
             } else {
                 $status = self::STATUS_AUTHENTICATION_SUCCESS_CONTINUE;
             }
         }
     }

     // Checking the domain (lockToDomain); skipped when the status is already falsy.
     $domainMismatch = $status && $user['lockToDomain'] && $user['lockToDomain'] != $this->authInfo['HTTP_HOST'];
     if (!$domainMismatch) {
         return $status;
     }

     // Lock domain didn't match, so error:
     if ($this->writeAttemptLog) {
         // Request-derived values (host, username) are written to the log as received.
         $messageFormat = 'Login-attempt from %s (%s), username \'%s\', locked domain \'%s\' did not match \'%s\'!';
         $messageData = array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $user[$this->db_user['username_column']], $user['lockToDomain'], $this->authInfo['HTTP_HOST']);
         $this->writelog(255, 3, 3, 1, $messageFormat, $messageData);
         \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog(vsprintf($messageFormat, $messageData), 'Core', \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_WARNING);
     }

     return self::STATUS_AUTHENTICATION_FAILURE_BREAK;
 }
 /**
  * Handles a frontend request
  *
  * @return void
  */
 public function handleRequest()
 {
     \TYPO3\CMS\Core\Core\Bootstrap::getInstance()->loadTypo3LoadedExtAndExtLocalconf(TRUE)->applyAdditionalConfigurationSettings();
     // Timetracking started
     $configuredCookieName = trim($GLOBALS['TYPO3_CONF_VARS']['BE']['cookieName']);
     if (empty($configuredCookieName)) {
         $configuredCookieName = 'be_typo_user';
     }
     if ($_COOKIE[$configuredCookieName]) {
         $GLOBALS['TT'] = new \TYPO3\CMS\Core\TimeTracker\TimeTracker();
     } else {
         $GLOBALS['TT'] = new \TYPO3\CMS\Core\TimeTracker\NullTimeTracker();
     }
     $GLOBALS['TT']->start();
     \TYPO3\CMS\Core\Core\Bootstrap::getInstance()->initializeTypo3DbGlobal();
     // Hook to preprocess the current request:
     if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/index_ts.php']['preprocessRequest'])) {
         foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/index_ts.php']['preprocessRequest'] as $hookFunction) {
             $hookParameters = array();
             \TYPO3\CMS\Core\Utility\GeneralUtility::callUserFunction($hookFunction, $hookParameters, $hookParameters);
         }
         unset($hookFunction);
         unset($hookParameters);
     }
     // Look for extension ID which will launch alternative output engine
     if ($temp_extId = \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('eID')) {
         if ($classPath = \TYPO3\CMS\Core\Utility\GeneralUtility::getFileAbsFileName($GLOBALS['TYPO3_CONF_VARS']['FE']['eID_include'][$temp_extId])) {
             // Remove any output produced until now
             ob_clean();
             require $classPath;
         }
         die;
     }
     /** @var $GLOBALS['TSFE'] \TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController */
     $GLOBALS['TSFE'] = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Frontend\\Controller\\TypoScriptFrontendController', $GLOBALS['TYPO3_CONF_VARS'], \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('id'), \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('type'), \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('no_cache'), \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('cHash'), \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('jumpurl'), \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('MP'), \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('RDCT'));
     if ($GLOBALS['TYPO3_CONF_VARS']['FE']['pageUnavailable_force'] && !\TYPO3\CMS\Core\Utility\GeneralUtility::cmpIP(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('REMOTE_ADDR'), $GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask'])) {
         $GLOBALS['TSFE']->pageUnavailableAndExit('This page is temporarily unavailable.');
     }
     $GLOBALS['TSFE']->connectToDB();
     $GLOBALS['TSFE']->sendRedirect();
     // Output compression
     // Remove any output produced until now
     ob_clean();
     if ($GLOBALS['TYPO3_CONF_VARS']['FE']['compressionLevel'] && extension_loaded('zlib')) {
         if (\TYPO3\CMS\Core\Utility\MathUtility::canBeInterpretedAsInteger($GLOBALS['TYPO3_CONF_VARS']['FE']['compressionLevel'])) {
             // Prevent errors if ini_set() is unavailable (safe mode)
             @ini_set('zlib.output_compression_level', $GLOBALS['TYPO3_CONF_VARS']['FE']['compressionLevel']);
         }
         ob_start(array(\TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Frontend\\Utility\\CompressionUtility'), 'compressionOutputHandler'));
     }
     // FE_USER
     $GLOBALS['TT']->push('Front End user initialized', '');
     /** @var $GLOBALS['TSFE'] \TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController */
     $GLOBALS['TSFE']->initFEuser();
     $GLOBALS['TT']->pull();
     // BE_USER
     /** @var $GLOBALS['BE_USER'] \TYPO3\CMS\Backend\FrontendBackendUserAuthentication */
     $GLOBALS['BE_USER'] = $GLOBALS['TSFE']->initializeBackendUser();
     // Process the ID, type and other parameters.
     // After this point we have an array, $page in TSFE, which is the page-record
     // of the current page, $id.
     $GLOBALS['TT']->push('Process ID', '');
     // Initialize admin panel since simulation settings are required here:
     if ($GLOBALS['TSFE']->isBackendUserLoggedIn()) {
         $GLOBALS['BE_USER']->initializeAdminPanel();
         \TYPO3\CMS\Core\Core\Bootstrap::getInstance()->loadExtensionTables(TRUE);
     } else {
         \TYPO3\CMS\Core\Core\Bootstrap::getInstance()->loadCachedTca();
     }
     $GLOBALS['TSFE']->checkAlternativeIdMethods();
     $GLOBALS['TSFE']->clear_preview();
     $GLOBALS['TSFE']->determineId();
     // Now, if there is a backend user logged in and he has NO access to this page,
     // then re-evaluate the id shown! _GP('ADMCMD_noBeUser') is placed here because
     // \TYPO3\CMS\Version\Hook\PreviewHook might need to know if a backend user is logged in.
     if ($GLOBALS['TSFE']->isBackendUserLoggedIn() && (!$GLOBALS['BE_USER']->extPageReadAccess($GLOBALS['TSFE']->page) || \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('ADMCMD_noBeUser'))) {
         // Remove user
         unset($GLOBALS['BE_USER']);
         $GLOBALS['TSFE']->beUserLogin = FALSE;
         // Re-evaluate the page-id.
         $GLOBALS['TSFE']->checkAlternativeIdMethods();
         $GLOBALS['TSFE']->clear_preview();
         $GLOBALS['TSFE']->determineId();
     }
     $GLOBALS['TSFE']->makeCacheHash();
     $GLOBALS['TT']->pull();
     // Admin Panel & Frontend editing
     if ($GLOBALS['TSFE']->isBackendUserLoggedIn()) {
         $GLOBALS['BE_USER']->initializeFrontendEdit();
         if ($GLOBALS['BE_USER']->adminPanel instanceof \TYPO3\CMS\Frontend\View\AdminPanelView) {
             \TYPO3\CMS\Core\Core\Bootstrap::getInstance()->initializeLanguageObject()->initializeSpriteManager();
         }
         if ($GLOBALS['BE_USER']->frontendEdit instanceof \TYPO3\CMS\Core\FrontendEditing\FrontendEditingController) {
             $GLOBALS['BE_USER']->frontendEdit->initConfigOptions();
         }
     }
     // Starts the template
     $GLOBALS['TT']->push('Start Template', '');
     $GLOBALS['TSFE']->initTemplate();
     $GLOBALS['TT']->pull();
     // Get from cache
     $GLOBALS['TT']->push('Get Page from cache', '');
     $GLOBALS['TSFE']->getFromCache();
     $GLOBALS['TT']->pull();
     // Get config if not already gotten
     // After this, we should have a valid config-array ready
     $GLOBALS['TSFE']->getConfigArray();
     // Setting language and locale
     $GLOBALS['TT']->push('Setting language and locale', '');
     $GLOBALS['TSFE']->settingLanguage();
     $GLOBALS['TSFE']->settingLocale();
     $GLOBALS['TT']->pull();
     // Convert POST data to internal "renderCharset" if different from the metaCharset
     $GLOBALS['TSFE']->convPOSTCharset();
     // Check JumpUrl
     $GLOBALS['TSFE']->setExternalJumpUrl();
     $GLOBALS['TSFE']->checkJumpUrlReferer();
     $GLOBALS['TSFE']->handleDataSubmission();
     // Check for shortcut page and redirect
     $GLOBALS['TSFE']->checkPageForShortcutRedirect();
     $GLOBALS['TSFE']->checkPageForMountpointRedirect();
     // Generate page
     $GLOBALS['TSFE']->setUrlIdToken();
     $GLOBALS['TT']->push('Page generation', '');
     if ($GLOBALS['TSFE']->isGeneratePage()) {
         $GLOBALS['TSFE']->generatePage_preProcessing();
         $temp_theScript = $GLOBALS['TSFE']->generatePage_whichScript();
         if ($temp_theScript) {
             include $temp_theScript;
         } else {
             \TYPO3\CMS\Frontend\Page\PageGenerator::pagegenInit();
             // Global content object
             $GLOBALS['TSFE']->newCObj();
             // LIBRARY INCLUSION, TypoScript
             $temp_incFiles = \TYPO3\CMS\Frontend\Page\PageGenerator::getIncFiles();
             foreach ($temp_incFiles as $temp_file) {
                 include_once './' . $temp_file;
             }
             // Content generation
             if (!$GLOBALS['TSFE']->isINTincScript()) {
                 \TYPO3\CMS\Frontend\Page\PageGenerator::renderContent();
                 $GLOBALS['TSFE']->setAbsRefPrefix();
             }
         }
         $GLOBALS['TSFE']->generatePage_postProcessing();
     } elseif ($GLOBALS['TSFE']->isINTincScript()) {
         \TYPO3\CMS\Frontend\Page\PageGenerator::pagegenInit();
         // Global content object
         $GLOBALS['TSFE']->newCObj();
         // LIBRARY INCLUSION, TypoScript
         $temp_incFiles = \TYPO3\CMS\Frontend\Page\PageGenerator::getIncFiles();
         foreach ($temp_incFiles as $temp_file) {
             include_once './' . $temp_file;
         }
     }
     $GLOBALS['TT']->pull();
     // $GLOBALS['TSFE']->config['INTincScript']
     if ($GLOBALS['TSFE']->isINTincScript()) {
         $GLOBALS['TT']->push('Non-cached objects', '');
         $GLOBALS['TSFE']->INTincScript();
         $GLOBALS['TT']->pull();
     }
     // Output content
     $sendTSFEContent = FALSE;
     if ($GLOBALS['TSFE']->isOutputting()) {
         $GLOBALS['TT']->push('Print Content', '');
         $GLOBALS['TSFE']->processOutput();
         $sendTSFEContent = TRUE;
         $GLOBALS['TT']->pull();
     }
     // Store session data for fe_users
     $GLOBALS['TSFE']->storeSessionData();
     // Statistics
     $GLOBALS['TYPO3_MISC']['microtime_end'] = microtime(TRUE);
     $GLOBALS['TSFE']->setParseTime();
     if (isset($GLOBALS['TSFE']->config['config']['debug'])) {
         $debugParseTime = (bool) $GLOBALS['TSFE']->config['config']['debug'];
     } else {
         $debugParseTime = !empty($GLOBALS['TSFE']->TYPO3_CONF_VARS['FE']['debug']);
     }
     if ($GLOBALS['TSFE']->isOutputting() && $debugParseTime) {
         $GLOBALS['TSFE']->content .= LF . '<!-- Parsetime: ' . $GLOBALS['TSFE']->scriptParseTime . 'ms -->';
     }
     // Check JumpUrl
     $GLOBALS['TSFE']->jumpurl();
     // Preview info
     $GLOBALS['TSFE']->previewInfo();
     // Hook for end-of-frontend
     $GLOBALS['TSFE']->hook_eofe();
     // Finish timetracking
     $GLOBALS['TT']->pull();
     // Check memory usage
     \TYPO3\CMS\Core\Utility\MonitorUtility::peakMemoryUsage();
     // beLoginLinkIPList
     echo $GLOBALS['TSFE']->beLoginLinkIPList();
     // Admin panel
     if ($GLOBALS['TSFE']->isBackendUserLoggedIn() && $GLOBALS['BE_USER'] instanceof \TYPO3\CMS\Backend\FrontendBackendUserAuthentication && $GLOBALS['BE_USER']->isAdminPanelVisible()) {
         $GLOBALS['TSFE']->content = str_ireplace('</head>', $GLOBALS['BE_USER']->adminPanel->getAdminPanelHeaderData() . '</head>', $GLOBALS['TSFE']->content);
         $GLOBALS['TSFE']->content = str_ireplace('</body>', $GLOBALS['BE_USER']->displayAdminPanel() . '</body>', $GLOBALS['TSFE']->content);
     }
     if ($sendTSFEContent) {
         echo $GLOBALS['TSFE']->content;
     }
     // Debugging Output
     if (isset($GLOBALS['error']) && is_object($GLOBALS['error']) && @is_callable(array($GLOBALS['error'], 'debugOutput'))) {
         $GLOBALS['error']->debugOutput();
     }
     if (TYPO3_DLOG) {
         \TYPO3\CMS\Core\Utility\GeneralUtility::devLog('END of FRONTEND session', 'cms', 0, array('_FLUSH' => TRUE));
     }
     \TYPO3\CMS\Core\Core\Bootstrap::getInstance()->shutdown();
 }
 /**
  * Implementing the access checks that the typo3/init.php script does before a user is ever logged in.
  * Used in the frontend.
  *
  * @return boolean Returns TRUE if access is OK
  * @see 	typo3/init.php, t3lib_beuserauth::backendCheckLogin()
  */
 public function checkBackendAccessSettingsFromInitPhp()
 {
     // Pre-login gate used by the frontend: each configured restriction below has to
     // pass before the user-level check at the end is consulted.
     $backendSettings = $GLOBALS['TYPO3_CONF_VARS']['BE'];
     // Hard lock: a negative adminOnly value closes the backend for everyone.
     if ($backendSettings['adminOnly'] < 0) {
         return FALSE;
     }
     // IP restriction. An empty or whitespace-only mask list means no IP check is applied,
     // so this gate only protects installations that actually configure a list.
     $ipMaskList = $backendSettings['IPmaskList'];
     if (trim($ipMaskList) && !\TYPO3\CMS\Core\Utility\GeneralUtility::cmpIP(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('REMOTE_ADDR'), $ipMaskList)) {
         return FALSE;
     }
     // HTTPS requirement. Any non-zero lockSSL value except 3 demands an SSL request.
     $lockSsl = $backendSettings['lockSSL'];
     if (intval($lockSsl) && $lockSsl != 3 && !\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('TYPO3_SSL')) {
         return FALSE;
     }
     // Last step: the check taken over from t3lib_beuserauth::backendCheckLogin()
     return $this->isUserAllowedToLogin() ? TRUE : FALSE;
 }
Example #15
    /**
     * The main method of the backend module
     *
     * @return	void
     */
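    public function main()
    {
        // Entry point of the backend module: applies the optional IP restrictions, then
        // prepares a phpMyAdmin single-sign-on session and redirects to phpMyAdmin, or
        // renders an error page when the phpMyAdmin directory cannot be found.

        // Include the LL file for phpMyAdmin
        $GLOBALS['LANG']->includeLLFile('EXT:phpmyadmin/Resources/Private/Language/locallang.xlf');
        // Set the path to phpMyAdmin
        $extPath = ExtensionManagementUtility::extPath('phpmyadmin');
        $typo3DocumentRoot = GeneralUtility::getIndpEnv('TYPO3_DOCUMENT_ROOT');
        // Set class config for module
        $this->MCONF = $GLOBALS['MCONF'];
        // Get config. The serialized string is read from the installation's configuration,
        // not from the request.
        // NOTE(review): unserialize() must never see request-controlled data; confirm that
        // nothing outside the extension configuration can write to extConf.
        $extensionConfiguration = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['phpmyadmin']);
        if (!is_array($extensionConfiguration)) {
            // Missing or unreadable configuration: continue with defaults.
            // NOTE(review): with defaults neither IP restriction below is active.
            $extensionConfiguration = array();
        }
        // IP-based Access restrictions
        $devIPmask = trim($GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask']);
        $remoteAddress = GeneralUtility::getIndpEnv('REMOTE_ADDR');
        // Values are HTML-escaped before they are placed into the denial page.
        $escapedRemoteAddress = htmlspecialchars((string) $remoteAddress, ENT_QUOTES, 'UTF-8');
        // Check for IP restriction (devIpMask), and die if not allowed
        $useDevIpMask = !empty($extensionConfiguration['useDevIpMask']);
        if ($useDevIpMask === TRUE) {
            // A wildcard mask matches every address, so the comparison is skipped for it.
            // NOTE(review): useDevIpMask therefore gives no protection while devIPmask is '*'.
            if ($devIPmask !== '*' && !GeneralUtility::cmpIP($remoteAddress, $devIPmask)) {
                // NOTE(review): the page shows the configured mask to the rejected client;
                // consider logging it server-side instead of returning it.
                $message = '<h1>' . $GLOBALS['LANG']->getLL('module.headline.accessDenied') . '</h1>
							<p>' . sprintf($GLOBALS['LANG']->getLL('module.message.accessDenied.devIpMask'), $escapedRemoteAddress, htmlspecialchars($devIPmask, ENT_QUOTES, 'UTF-8')) . '</p>';
                // Answer with a 403 so the refusal is visible in access logs and to monitoring
                header(\TYPO3\CMS\Core\Utility\HttpUtility::HTTP_STATUS_403);
                die($message);
            }
        }
        // Check for ip restriction, and die if not allowed
        $allowedIps = isset($extensionConfiguration['allowedIps']) ? trim($extensionConfiguration['allowedIps']) : '';
        if (!empty($allowedIps) && !GeneralUtility::cmpIP($remoteAddress, $allowedIps)) {
            $message = '<h1>' . $GLOBALS['LANG']->getLL('module.headline.accessDenied') . '</h1>
						<p>' . sprintf($GLOBALS['LANG']->getLL('module.message.accessDenied.allowedIps'), $escapedRemoteAddress, htmlspecialchars($allowedIps, ENT_QUOTES, 'UTF-8')) . '</p>';
            header(\TYPO3\CMS\Core\Utility\HttpUtility::HTTP_STATUS_403);
            die($message);
        }
        // Path to install dir
        $this->MCONF['PMA_absolute_path'] = $extPath . $this->MCONF['PMA_subdir'];
        // PMA uses relative file inclusion, so we need to ensure a proper include_path
        @set_include_path($this->MCONF['PMA_absolute_path'] . PATH_SEPARATOR . get_include_path());
        // Path to web dir
        $this->MCONF['PMA_relative_path'] = ExtensionManagementUtility::extRelPath('phpmyadmin') . $this->MCONF['PMA_subdir'];
        // If phpMyAdmin is configured in the conf.php script, we continue to load it...
        if ($this->MCONF['PMA_absolute_path'] && @is_dir($this->MCONF['PMA_absolute_path'])) {
            // The cookie has to be visible from the parent directory, hence path '/'.
            // It is kept away from scripts (HttpOnly) and limited to HTTPS when the
            // current request is itself served over SSL.
            $isSecureRequest = (bool) GeneralUtility::getIndpEnv('TYPO3_SSL');
            session_set_cookie_params(0, '/', '', $isSecureRequest, TRUE);
            // Create signon session
            $session_name = 'tx_phpmyadmin';
            session_name($session_name);
            session_start();
            // Always continue with a freshly issued id, so that an id which was already
            // present in the browser is never the one bound to the credentials below.
            session_regenerate_id(TRUE);
            // Store the credentials in the session.
            // NOTE(review): the database password ends up in PHP's session storage; access
            // to that storage or to this session id is equivalent to database access.
            $_SESSION['PMA_single_signon_user'] = TYPO3_db_username;
            $_SESSION['PMA_single_signon_password'] = TYPO3_db_password;
            $_SESSION['PMA_single_signon_host'] = TYPO3_db_host;
            $_SESSION['PMA_single_signon_port'] = $GLOBALS['TYPO3_CONF_VARS']['DB']['port'];
            $_SESSION['PMA_single_signon_only_db'] = TYPO3_db;
            // If a socket connection is configured, use this for mysqli
            if (isset($GLOBALS['TYPO3_CONF_VARS']['DB']['socket'])) {
                $_SESSION['PMA_typo3_socket'] = $GLOBALS['TYPO3_CONF_VARS']['DB']['socket'];
            }
            // Configure some other parameters
            $_SESSION['PMA_extConf'] = $GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['phpmyadmin'];
            $_SESSION['PMA_hideOtherDBs'] = isset($extensionConfiguration['hideOtherDBs']) ? $extensionConfiguration['hideOtherDBs'] : NULL;
            // Get signon uri for redirect
            $path_ext = substr($extPath, strlen($typo3DocumentRoot), strlen($extPath));
            $path_ext = substr($path_ext, 0, 1) != '/' ? '/' . $path_ext : $path_ext;
            $path_pma = $path_ext . $this->MCONF['PMA_subdir'];
            $_SESSION['PMA_SignonURL'] = $path_pma . 'index.php';
            // Try to get the TYPO3 backend uri even if it's installed in a subdirectory.
            // Compile logout path and add a slash if the returned string does not start with one.
            $path_typo3 = substr(PATH_typo3, strlen($typo3DocumentRoot), strlen(PATH_typo3));
            $path_typo3 = substr($path_typo3, 0, 1) != '/' ? '/' . $path_typo3 : $path_typo3;
            $_SESSION['PMA_LogoutURL'] = $path_typo3 . 'logout.php';
            // Prepend document root if uploadDir does not start with a slash "/"
            $extensionConfiguration['uploadDir'] = isset($extensionConfiguration['uploadDir']) ? trim($extensionConfiguration['uploadDir']) : '';
            if (strpos($extensionConfiguration['uploadDir'], '/') !== 0) {
                $_SESSION['PMA_uploadDir'] = $typo3DocumentRoot . '/' . $extensionConfiguration['uploadDir'];
            } else {
                $_SESSION['PMA_uploadDir'] = $extensionConfiguration['uploadDir'];
            }
            $_SESSION['PMA_typo3_db'] = TYPO3_db;
            // Get current session id
            $currentSessionId = session_id();
            // Force to set the cookie according to issue #8884
            // http://bugs.typo3.org/view.php?id=8884#c23323
            // The explicit cookie carries the same flags as the session cookie parameters above.
            setcookie($session_name, $currentSessionId, 0, '/', '', $isSecureRequest, TRUE);
            // Close that session
            session_write_close();
            // Mapping language keys for phpMyAdmin
            $languageKeyMapping = array('default' => 'en', 'dk' => 'da', 'de' => 'de', 'no' => 'no', 'it' => 'it', 'fr' => 'fr', 'es' => 'es', 'nl' => 'nl', 'cz' => 'cs-iso', 'pl' => 'pl', 'si' => 'sk');
            $backendLanguage = $GLOBALS['LANG']->lang;
            // Languages without a mapping fall back to English instead of raising a notice
            $languageKey = isset($languageKeyMapping[$backendLanguage]) ? $languageKeyMapping[$backendLanguage] : 'en';
            // Redirect to phpMyAdmin (should use absolute URL here!), setting default database
            $redirectUri = GeneralUtility::locationHeaderUrl($_SESSION['PMA_SignonURL'] . '?lang=' . $languageKey . '&db=' . urlencode(TYPO3_db));
            // Build and set cache-header header
            $headers = array('Expires: Mon, 26 Jul 1997 05:00:00 GMT', 'Pragma: no-cache', 'Cache-Control: private');
            // Send all headers
            foreach ($headers as $header) {
                header($header);
            }
            \TYPO3\CMS\Core\Utility\HttpUtility::redirect($redirectUri, \TYPO3\CMS\Core\Utility\HttpUtility::HTTP_STATUS_302);
        } else {
            // Render body
            $this->doc = GeneralUtility::makeInstance('TYPO3\\CMS\\Backend\\Template\\DocumentTemplate');
            $this->content = $this->doc->startPage($GLOBALS['LANG']->getLL('module.title'));
            $this->content .= '<h1>' . $GLOBALS['LANG']->getLL('module.headline.error') . '</h1>';
            // No configuration set
            $this->content .= '<p>' . sprintf($GLOBALS['LANG']->getLL('module.error.invalidConfiguration'), $this->MCONF['PMA_subdir']) . '</p>';
            // End document
            $this->content .= $this->doc->endPage();
        }
    }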
Example #16
    }
    unset($hookFunction);
    unset($hookParameters);
}
// eID dispatch: a request that carries an eID parameter is answered by a registered
// script instead of the normal page rendering below.
if ($temp_extId = \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('eID')) {
    // The request value is only used as a key into the configured eID_include map; the
    // file path itself comes from configuration and has to pass getFileAbsFileName().
    // NOTE(review): presumably getFileAbsFileName() yields an empty value for a path it
    // does not accept, which skips the require - confirm against GeneralUtility.
    if ($classPath = \TYPO3\CMS\Core\Utility\GeneralUtility::getFileAbsFileName($TYPO3_CONF_VARS['FE']['eID_include'][$temp_extId])) {
        // Remove any output produced until now
        ob_clean();
        require $classPath;
    }
    // Execution always stops here for eID requests, also when no script was found.
    die;
}
// The frontend controller receives the raw GET/POST values (id, type, no_cache, cHash,
// jumpurl, MP, RDCT) unmodified; nothing is validated at this point.
/** @var $TSFE \TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController */
$TSFE = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Frontend\\Controller\\TypoScriptFrontendController', $TYPO3_CONF_VARS, \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('id'), \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('type'), \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('no_cache'), \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('cHash'), \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('jumpurl'), \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('MP'), \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('RDCT'));
// Forced "page unavailable" mode: only clients whose REMOTE_ADDR matches devIPmask get
// past this point, everybody else receives the unavailable page and the script exits.
if ($TYPO3_CONF_VARS['FE']['pageUnavailable_force'] && !\TYPO3\CMS\Core\Utility\GeneralUtility::cmpIP(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('REMOTE_ADDR'), $TYPO3_CONF_VARS['SYS']['devIPmask'])) {
    $TSFE->pageUnavailableAndExit('This page is temporarily unavailable.');
}
$TSFE->connectToDB();
$TSFE->sendRedirect();
// Output compression
// Remove any output produced until now
ob_clean();
// Compression is set up only when a compression level is configured and zlib is loaded.
if ($TYPO3_CONF_VARS['FE']['compressionLevel'] && extension_loaded('zlib')) {
    // The level is passed to zlib only when it is an integer value; other truthy values
    // still enable the output handler below.
    if (\TYPO3\CMS\Core\Utility\MathUtility::canBeInterpretedAsInteger($TYPO3_CONF_VARS['FE']['compressionLevel'])) {
        // Prevent errors if ini_set() is unavailable (safe mode)
        @ini_set('zlib.output_compression_level', $TYPO3_CONF_VARS['FE']['compressionLevel']);
    }
    ob_start(array(\TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Frontend\\Utility\\CompressionUtility'), 'compressionOutputHandler'));
}
// FE_USER
Example #17
 /**
  * Compare client IP with IPmaskList and exit the script run
  * if the client is not allowed to access the backend
  *
  * @return \TYPO3\CMS\Core\Core\Bootstrap
  * @internal This is not a public API method, do not use in own extensions
  */
 public function checkBackendIpOrDie()
 {
     $ipMaskList = $GLOBALS['TYPO3_CONF_VARS']['BE']['IPmaskList'];
     // Without a configured mask list there is nothing to enforce: every client passes.
     if (!trim($ipMaskList)) {
         return $this;
     }
     $clientAddress = \TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('REMOTE_ADDR');
     $clientIsAllowed = \TYPO3\CMS\Core\Utility\GeneralUtility::cmpIP($clientAddress, $ipMaskList);
     if ($clientIsAllowed) {
         return $this;
     }
     // Rejected client: answer as if the backend did not exist rather than with an
     // explicit "forbidden" - the 404 status is sent where the webserver can use it ...
     header('Status: 404 Not Found');
     // ... the Location header points the client away from here ...
     header('Location: http://');
     // ... and the script run ends without any body.
     die;
 }
 /**
  * Evaluates a TypoScript condition given as input, eg. "[applicationContext = Production][...(other condition)...]"
  *
  * @param string $key The condition to match against its criteria.
  * @param string $value
  * @return NULL|bool Result of the evaluation; NULL if condition could not be evaluated
  */
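 protected function evaluateConditionCommon($key, $value)
 {
     // Dispatches on the part of $key before the first "|". Every known condition type
     // returns a boolean; an unknown type falls through to the final "return null".
     //
     // Several condition types are evaluated against values the client controls
     // (Accept-Language header) or influences (address, reverse DNS). They are suited for
     // presentation decisions; treat them with care when a condition guards access.
     $keyParts = GeneralUtility::trimExplode('|', $key);
     switch ($keyParts[0]) {
         case 'applicationContext':
             $values = GeneralUtility::trimExplode(',', $value, true);
             $currentApplicationContext = GeneralUtility::getApplicationContext();
             foreach ($values as $applicationContext) {
                 if ($this->searchStringWildcard($currentApplicationContext, $applicationContext)) {
                     return true;
                 }
             }
             return false;
         case 'language':
             // Request header, chosen by the client
             $acceptLanguage = (string) GeneralUtility::getIndpEnv('HTTP_ACCEPT_LANGUAGE');
             if ($acceptLanguage === $value) {
                 return true;
             }
             $values = GeneralUtility::trimExplode(',', $value, true);
             foreach ($values as $test) {
                 if (preg_match('/^\\*.+\\*$/', $test)) {
                     // "*xx*": match one entry of the header, split at "," and ";"
                     $allLanguages = preg_split('/[,;]/', $acceptLanguage);
                     if (in_array(substr($test, 1, -1), $allLanguages, true)) {
                         return true;
                     }
                 } elseif ($acceptLanguage === $test) {
                     // Strict comparison, so numeric-looking strings are not juggled
                     return true;
                 }
             }
             return false;
         case 'IP':
             // "devIP" is an alias for the configured development IP mask
             if ($value === 'devIP') {
                 $value = trim($GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask']);
             }
             // NOTE(review): the result is only as trustworthy as REMOTE_ADDR; behind a
             // proxy verify how getIndpEnv() derives it in this installation.
             return (bool) GeneralUtility::cmpIP(GeneralUtility::getIndpEnv('REMOTE_ADDR'), $value);
         case 'hostname':
             // NOTE(review): presumably cmpFQDN() resolves the client address to a host
             // name; such a name is set by whoever controls the reverse DNS zone - confirm.
             return (bool) GeneralUtility::cmpFQDN(GeneralUtility::getIndpEnv('REMOTE_ADDR'), $value);
         case 'hour':
         case 'minute':
         case 'month':
         case 'year':
         case 'dayofweek':
         case 'dayofmonth':
         case 'dayofyear':
             // The date format is looked up by the matched condition type rather than by
             // the raw $key, so the test value is defined even when $key carries a "|" part.
             $dateFormats = array(
                 'hour' => 'H',
                 'minute' => 'i',
                 'month' => 'm',
                 'year' => 'Y',
                 'dayofweek' => 'w',
                 'dayofmonth' => 'd',
                 'dayofyear' => 'z',
             );
             // In order to simulate time properly in templates.
             $theEvalTime = $GLOBALS['SIM_EXEC_TIME'];
             $theTestValue = (int) date($dateFormats[$keyParts[0]], $theEvalTime);
             // comp
             $values = GeneralUtility::trimExplode(',', $value, true);
             foreach ($values as $test) {
                 // A bare integer means "equals"
                 if (\TYPO3\CMS\Core\Utility\MathUtility::canBeInterpretedAsInteger($test)) {
                     $test = '=' . $test;
                 }
                 if ($this->compareNumber($test, $theTestValue)) {
                     return true;
                 }
             }
             return false;
         case 'compatVersion':
             return GeneralUtility::compat_version($value);
         case 'loginUser':
             if ($this->isUserLoggedIn()) {
                 $values = GeneralUtility::trimExplode(',', $value, true);
                 foreach ($values as $test) {
                     // "*" matches any logged-in user
                     if ($test === '*' || (string) $this->getUserId() === (string) $test) {
                         return true;
                     }
                 }
             } elseif ($value === '') {
                 // An empty value matches when nobody is logged in
                 return true;
             }
             return false;
         case 'page':
             // "page|<property>": compare one field of the current page record.
             // A missing property part no longer raises an undefined-offset notice.
             if (!empty($keyParts[1])) {
                 $page = $this->getPage();
                 $property = $keyParts[1];
                 if (!empty($page) && isset($page[$property]) && (string) $page[$property] === (string) $value) {
                     return true;
                 }
             }
             return false;
         case 'globalVar':
             $values = GeneralUtility::trimExplode(',', $value, true);
             foreach ($values as $test) {
                 // Split "<name><operator><value>" at the first operator character
                 $point = strcspn($test, '!=<>');
                 $theVarName = substr($test, 0, $point);
                 $nv = $this->getVariable(trim($theVarName));
                 $testValue = substr($test, $point);
                 if ($this->compareNumber($testValue, $nv)) {
                     return true;
                 }
             }
             return false;
         case 'globalString':
             $values = GeneralUtility::trimExplode(',', $value, true);
             foreach ($values as $test) {
                 // Split "<name>=<pattern>" at the first "="
                 $point = strcspn($test, '=');
                 $theVarName = substr($test, 0, $point);
                 $nv = (string) $this->getVariable(trim($theVarName));
                 $testValue = substr($test, $point + 1);
                 if ($this->searchStringWildcard($nv, trim($testValue))) {
                     return true;
                 }
             }
             return false;
         case 'userFunc':
             // Calls the callable named in the condition with the arguments written there.
             // Whoever can edit TypoScript can therefore have any callable PHP function
             // executed; write access to templates equals code-execution rights.
             $matches = array();
             if (!preg_match('/^\\s*([^\\(\\s]+)\\s*(?:\\((.*)\\))?\\s*$/', $value, $matches)) {
                 // Not of the form "name" or "name(args)": nothing to call
                 return false;
             }
             $funcName = $matches[1];
             $funcValues = !empty($matches[2]) ? $this->parseUserFuncArguments($matches[2]) : array();
             if (is_callable($funcName) && call_user_func_array($funcName, $funcValues)) {
                 return true;
             }
             return false;
     }
     return null;
 }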
 /**
  * Evaluates a TypoScript condition given as input, eg. "[browser=net][...(other conditions)...]"
  *
  * @param string $key The condition to match against its criteria.
  * @param string $value
  * @return NULL|boolean Result of the evaluation; NULL if condition could not be evaluated
  */
 protected function evaluateConditionCommon($key, $value)
 {
     // Dispatches on the part of $key before the first "|". In this version a condition
     // that does not match leaves its case with "break" and ends at the final
     // "return NULL", so "no match" and "unknown condition type" look the same to the
     // caller (exceptions: 'useragent' and 'compatVersion' return the helper's result).
     //
     // Many condition types read request headers (User-Agent, Accept-Language) or depend
     // on the client address; those values are chosen or influenced by the client.

     // Browser data is parsed only for the four condition types that need it. The guard
     // lower-cases $key, the switch below compares $keyParts[0] as given.
     if (GeneralUtility::inList('browser,version,system,useragent', strtolower($key))) {
         $browserInfo = $this->getBrowserInfo(GeneralUtility::getIndpEnv('HTTP_USER_AGENT'));
     }
     $keyParts = GeneralUtility::trimExplode('|', $key);
     switch ($keyParts[0]) {
         case 'applicationContext':
             $values = GeneralUtility::trimExplode(',', $value, TRUE);
             $currentApplicationContext = GeneralUtility::getApplicationContext();
             foreach ($values as $applicationContext) {
                 if ($this->searchStringWildcard($currentApplicationContext, $applicationContext)) {
                     return TRUE;
                 }
             }
             break;
         case 'browser':
             $values = GeneralUtility::trimExplode(',', $value, TRUE);
             // take all identified browsers into account, eg chrome deliver
             // webkit=>532.5, chrome=>4.1, safari=>532.5
             // so comparing string will be
             // "webkit532.5 chrome4.1 safari532.5"
             $all = '';
             // Note: this loop reuses $key and $value and thereby overwrites both
             // parameters; $values was already computed above.
             foreach ($browserInfo['all'] as $key => $value) {
                 $all .= $key . $value . ' ';
             }
             // Case-insensitive substring match against the concatenated string
             foreach ($values as $test) {
                 if (stripos($all, $test) !== FALSE) {
                     return TRUE;
                 }
             }
             break;
         case 'version':
             $values = GeneralUtility::trimExplode(',', $value, TRUE);
             foreach ($values as $test) {
                 // A leading "=", "<" or ">" selects a numeric comparison ...
                 if (strcspn($test, '=<>') == 0) {
                     switch ($test[0]) {
                         case '=':
                             if (doubleval(substr($test, 1)) == $browserInfo['version']) {
                                 return TRUE;
                             }
                             break;
                         case '<':
                             if (doubleval(substr($test, 1)) > $browserInfo['version']) {
                                 return TRUE;
                             }
                             break;
                         case '>':
                             if (doubleval(substr($test, 1)) < $browserInfo['version']) {
                                 return TRUE;
                             }
                             break;
                     }
                 // ... otherwise the test must be a prefix of the version string (the
                 // prepended space makes a prefix match land at position 1)
                 } elseif (strpos(' ' . $browserInfo['version'], $test) == 1) {
                     return TRUE;
                 }
             }
             break;
         case 'system':
             $values = GeneralUtility::trimExplode(',', $value, TRUE);
             // Take all identified systems into account, e.g. mac for iOS, Linux
             // for android and Windows NT for Windows XP
             $allSystems = ' ' . implode(' ', $browserInfo['all_systems']);
             foreach ($values as $test) {
                 if (stripos($allSystems, $test) !== FALSE) {
                     return TRUE;
                 }
             }
             break;
         case 'device':
             // The device type is derived from the User-Agent header once and then kept
             // in $this->deviceInfo for later calls
             if (!isset($this->deviceInfo)) {
                 $this->deviceInfo = $this->getDeviceType(GeneralUtility::getIndpEnv('HTTP_USER_AGENT'));
             }
             $values = GeneralUtility::trimExplode(',', $value, TRUE);
             foreach ($values as $test) {
                 if ($this->deviceInfo == $test) {
                     return TRUE;
                 }
             }
             break;
         case 'useragent':
             // Wildcard match on the user agent string; an empty pattern is not evaluated
             $test = trim($value);
             if ($test !== '') {
                 return $this->searchStringWildcard((string) $browserInfo['useragent'], $test);
             }
             break;
         case 'language':
             $values = GeneralUtility::trimExplode(',', $value, TRUE);
             foreach ($values as $test) {
                 // "*xx*": match one entry of the Accept-Language header, split at "," and ";"
                 if (preg_match('/^\\*.+\\*$/', $test)) {
                     $allLanguages = preg_split('/[,;]/', GeneralUtility::getIndpEnv('HTTP_ACCEPT_LANGUAGE'));
                     if (in_array(substr($test, 1, -1), $allLanguages)) {
                         return TRUE;
                     }
                 // otherwise the whole header has to equal the test value (loose comparison)
                 } elseif (GeneralUtility::getIndpEnv('HTTP_ACCEPT_LANGUAGE') == $test) {
                     return TRUE;
                 }
             }
             break;
         case 'IP':
             // "devIP" is an alias for the configured development IP mask
             if ($value === 'devIP') {
                 $value = trim($GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask']);
             }
             // NOTE(review): only as trustworthy as REMOTE_ADDR; behind a proxy verify how
             // getIndpEnv() derives it in this installation.
             if (GeneralUtility::cmpIP(GeneralUtility::getIndpEnv('REMOTE_ADDR'), $value)) {
                 return TRUE;
             }
             break;
         case 'hostname':
             // NOTE(review): presumably cmpFQDN() resolves the client address to a host
             // name; such a name is set by whoever controls the reverse DNS zone - confirm.
             if (GeneralUtility::cmpFQDN(GeneralUtility::getIndpEnv('REMOTE_ADDR'), $value)) {
                 return TRUE;
             }
             break;
         case 'hour':
         case 'minute':
         case 'month':
         case 'year':
         case 'dayofweek':
         case 'dayofmonth':
         case 'dayofyear':
             // In order to simulate time properly in templates.
             $theEvalTime = $GLOBALS['SIM_EXEC_TIME'];
             // The inner switch tests the raw $key, not $keyParts[0]; when $key contains
             // a "|" part no case matches and $theTestValue stays unset before the cast.
             switch ($key) {
                 case 'hour':
                     $theTestValue = date('H', $theEvalTime);
                     break;
                 case 'minute':
                     $theTestValue = date('i', $theEvalTime);
                     break;
                 case 'month':
                     $theTestValue = date('m', $theEvalTime);
                     break;
                 case 'year':
                     $theTestValue = date('Y', $theEvalTime);
                     break;
                 case 'dayofweek':
                     $theTestValue = date('w', $theEvalTime);
                     break;
                 case 'dayofmonth':
                     $theTestValue = date('d', $theEvalTime);
                     break;
                 case 'dayofyear':
                     $theTestValue = date('z', $theEvalTime);
                     break;
             }
             $theTestValue = (int) $theTestValue;
             // Compare against each listed value; a bare integer means "equals"
             $values = GeneralUtility::trimExplode(',', $value, TRUE);
             foreach ($values as $test) {
                 if (\TYPO3\CMS\Core\Utility\MathUtility::canBeInterpretedAsInteger($test)) {
                     $test = '=' . $test;
                 }
                 if ($this->compareNumber($test, $theTestValue)) {
                     return TRUE;
                 }
             }
             break;
         case 'compatVersion':
             return GeneralUtility::compat_version($value);
             break;
         case 'loginUser':
             if ($this->isUserLoggedIn()) {
                 $values = GeneralUtility::trimExplode(',', $value, TRUE);
                 foreach ($values as $test) {
                     // "*" matches any logged-in user
                     if ($test == '*' || (string) $this->getUserId() === (string) $test) {
                         return TRUE;
                     }
                 }
             // An empty value matches when nobody is logged in
             } elseif ($value === '') {
                 return TRUE;
             }
             break;
         case 'page':
             // "page|<property>": compare one field of the current page record as strings
             if ($keyParts[1]) {
                 $page = $this->getPage();
                 $property = $keyParts[1];
                 if (!empty($page) && isset($page[$property]) && (string) $page[$property] === (string) $value) {
                     return TRUE;
                 }
             }
             break;
         case 'globalVar':
             $values = GeneralUtility::trimExplode(',', $value, TRUE);
             foreach ($values as $test) {
                 // Split "<name><operator><value>" at the first operator character
                 $point = strcspn($test, '!=<>');
                 $theVarName = substr($test, 0, $point);
                 $nv = $this->getVariable(trim($theVarName));
                 $testValue = substr($test, $point);
                 if ($this->compareNumber($testValue, $nv)) {
                     return TRUE;
                 }
             }
             break;
         case 'globalString':
             $values = GeneralUtility::trimExplode(',', $value, TRUE);
             foreach ($values as $test) {
                 // Split "<name>=<pattern>" at the first "="
                 $point = strcspn($test, '=');
                 $theVarName = substr($test, 0, $point);
                 $nv = (string) $this->getVariable(trim($theVarName));
                 $testValue = substr($test, $point + 1);
                 if ($this->searchStringWildcard($nv, trim($testValue))) {
                     return TRUE;
                 }
             }
             break;
         case 'userFunc':
             // Calls the function named in the condition with the arguments written there.
             // Only names accepted by function_exists() are called. Whoever can edit
             // TypoScript can have any such function executed, so write access to
             // templates equals code-execution rights.
             $matches = array();
             preg_match_all('/^\\s*([^\\(\\s]+)\\s*(?:\\((.*)\\))?\\s*$/', $value, $matches);
             $funcName = $matches[1][0];
             $funcValues = $matches[2][0] ? $this->parseUserFuncArguments($matches[2][0]) : array();
             if (function_exists($funcName) && call_user_func_array($funcName, $funcValues)) {
                 return TRUE;
             }
             break;
     }
     return NULL;
 }
 /**
  * Repeats, for frontend use, the access checks that typo3/init.php performs
  * before a backend user is ever logged in.
  *
  * The checks run in this order and the first failing one denies access:
  * 1. BE/adminOnly below zero (hard lock on the backend)
  * 2. BE/IPmaskList, when it is not empty, against the client address
  * 3. BE/lockSSL, when set to a value other than 3, requires an SSL request
  * 4. isUserAllowedToLogin()
  *
  * NOTE(review): an empty BE/IPmaskList disables the IP restriction altogether,
  * so this method only enforces it when an administrator has configured a list.
  *
  * @return boolean Returns TRUE if access is OK
  */
 public function checkBackendAccessSettingsFromInitPhp()
 {
     // 1. Hard-coded backend lock
     if ($GLOBALS['TYPO3_CONF_VARS']['BE']['adminOnly'] < 0) {
         return FALSE;
     }
     // 2. Client address must match the configured mask list, if there is one.
     // NOTE(review): the decision is only as trustworthy as the address returned by
     // getIndpEnv('REMOTE_ADDR'); behind a reverse proxy, confirm that TYPO3's
     // reverse-proxy settings (e.g. SYS/reverseProxyIP) only accept forwarded
     // headers from proxies you control.
     $allowedIpMasks = $GLOBALS['TYPO3_CONF_VARS']['BE']['IPmaskList'];
     if (trim($allowedIpMasks) && !GeneralUtility::cmpIP(GeneralUtility::getIndpEnv('REMOTE_ADDR'), $allowedIpMasks)) {
         return FALSE;
     }
     // 3. HTTPS requirement; the value 3 is exempted here (its meaning is defined
     // by the TYPO3 configuration, not by this method).
     $sslLockMode = (int) $GLOBALS['TYPO3_CONF_VARS']['BE']['lockSSL'];
     if ($sslLockMode && $sslLockMode !== 3 && !GeneralUtility::getIndpEnv('TYPO3_SSL')) {
         return FALSE;
     }
     // 4. Same final check as \TYPO3\CMS\Core\Authentication\BackendUserAuthentication::backendCheckLogin()
     return (bool) $this->isUserAllowedToLogin();
 }
Example #21
 /**
  * Compare the client IP with BE/IPmaskList and abort by throwing an exception
  * if the client is not allowed to access the backend.
  *
  * When BE/IPmaskList is empty no comparison is made and every client passes.
  *
  * NOTE(review): the client address comes from getIndpEnv('REMOTE_ADDR'); behind
  * a reverse proxy, verify the proxy configuration so that the compared address
  * cannot be supplied by the client itself.
  *
  * @return Bootstrap
  * @internal This is not a public API method, do not use in own extensions
  * @throws \RuntimeException if a mask list is configured and the client address does not match it
  */
 public function checkBackendIpOrDie()
 {
     $allowedIpMasks = $GLOBALS['TYPO3_CONF_VARS']['BE']['IPmaskList'];
     // An empty (or whitespace-only) list means "no IP restriction configured"
     $restrictionConfigured = (bool) trim($allowedIpMasks);
     if ($restrictionConfigured && !GeneralUtility::cmpIP(GeneralUtility::getIndpEnv('REMOTE_ADDR'), $allowedIpMasks)) {
         throw new \RuntimeException('TYPO3 Backend access denied: The IP address of your client does not match the list of allowed IP addresses.', 1389265900);
     }
     return $this;
 }
Example #22
 /**
  * Checks if the given IP address matches the extension's configured IP filter.
  *
  * The filter is read from the 'ipFilter' extension setting. The special value
  * "devIPmask" (compared case-insensitively) makes the method use the global
  * SYS/devIPmask setting instead.
  *
  * NOTE(review): the address is supplied by the caller; the result is only
  * meaningful if the caller passes an address it obtained from a trusted source
  * rather than from a client-controlled header — verify at the call sites.
  *
  * @param string $ipAddress IP address to check
  * @return bool
  */
 public function isIpAddressAccepted($ipAddress)
 {
     $configuredFilter = $this->extensionConfiguration['ipFilter'];
     // Fall back to the global developer IP mask when the setting asks for it
     $effectiveFilter = strtolower($configuredFilter) === 'devipmask'
         ? $GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask']
         : $configuredFilter;
     return GeneralUtility::cmpIP($ipAddress, $effectiveFilter);
 }
Example #23
 /**
  * Write DB settings to LocalConfiguration.php, filling in defaults for options
  * that are not configured yet.
  *
  * The switch from mysql to mysqli in 6.1 added some mandatory settings. This
  * method adds them on upgrade and pre-configures them for a new install.
  *
  * Two connection types are considered:
  * - Unix domain socket, which may be available if mysql runs on localhost
  * - TCP/IP connection to some mysql system somewhere
  *
  * Unix domain sockets are quicker than TCP/IP, so for a local host a socket
  * connection is tried first; if it is not possible, a TCP/IP default is used.
  *
  * A host counts as local when it is 'localhost', matches '127.*.*.*' or is empty.
  * NOTE(review): presumably an IPv6 loopback host such as ::1 is not treated as
  * local by these three conditions — confirm if IPv6 database hosts are expected.
  *
  * @return void
  */
 protected function useDefaultValuesForNotConfiguredOptions()
 {
     $configuredHost = $this->getConfiguredHost();
     $settingsToWrite = array('DB/host' => $configuredHost);
     $hostIsLocal = $configuredHost === 'localhost'
         || \TYPO3\CMS\Core\Utility\GeneralUtility::cmpIP($configuredHost, '127.*.*.*')
         || (string) $configuredHost === '';
     if ($hostIsLocal) {
         // Local host (upgrade or first install): prefer the socket, fall back to TCP/IP
         if ($this->isConnectionWithUnixDomainSocketPossible()) {
             $settingsToWrite['DB/host'] = 'localhost';
             $settingsToWrite['DB/socket'] = $this->getConfiguredSocket();
         } elseif (!\TYPO3\CMS\Core\Utility\GeneralUtility::isFirstPartOfStr($configuredHost, '127.')) {
             // Keep an explicitly configured 127.x address, otherwise use the default loopback
             $settingsToWrite['DB/host'] = '127.0.0.1';
         }
     }
     // A port is only written when no socket was set above; this is independent
     // of the host configuration. isset() also treats a NULL socket as "not set".
     if (!isset($settingsToWrite['DB/socket'])) {
         $configuredPort = $this->getConfiguredPort();
         $settingsToWrite['DB/port'] = $configuredPort > 0 ? $configuredPort : $this->getConfiguredOrDefaultPort();
     }
     /** @var \TYPO3\CMS\Core\Configuration\ConfigurationManager $configurationManager */
     $configurationManager = $this->objectManager->get(\TYPO3\CMS\Core\Configuration\ConfigurationManager::class);
     $configurationManager->setLocalConfigurationValuesByPathValuePairs($settingsToWrite);
 }
Example #24
 /**
  * Tells whether the client address reported by getIndpEnv('REMOTE_ADDR')
  * matches the global SYS/devIPmask setting.
  *
  * NOTE(review): callers presumably use this to gate developer-only output, so
  * keep devIPmask narrow on production systems and confirm that the reported
  * client address cannot be influenced through forwarded headers.
  *
  * @return bool
  */
 protected function getIsAllowedByDevIPMask()
 {
     $clientAddress = GeneralUtility::getIndpEnv('REMOTE_ADDR');
     $developerIpMask = $GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask'];
     return GeneralUtility::cmpIP($clientAddress, $developerIpMask);
 }