コード例 #1
 /**
  * Switch backend user session
  *
  * @param array $params
  * @param \TYPO3\CMS\Core\Authentication\AbstractUserAuthentication $that
  * @see t3lib_userauth::logoff()
  * @todo Define visibility
  */
 public function switchBack($params, $that)
 {
     // Act only on a backend session that is in switch-user mode: the session table must be
     // be_sessions, a user must be loaded, and the row must still carry the original user id.
     $isBackendSession = $that->session_table === 'be_sessions';
     if (!$isBackendSession || !$that->user['uid'] || !$that->user['ses_backuserid']) {
         return;
     }
     // @TODO: Move update functionality to Tx_Beuser_Domain_Repository_BackendUserSessionRepository
     // Put the original user id back and clear the switch marker.
     $restoredSession = array(
         'ses_userid' => $that->user['ses_backuserid'],
         'ses_backuserid' => 0,
     );
     $database = $GLOBALS['TYPO3_DB'];
     // The row is pinned by session id, cookie name and the currently active user id, so only
     // the caller's own session row can match.
     // NOTE(review): the guard above reads $that while this clause reads $GLOBALS['BE_USER'];
     // presumably both refer to the same user object when this runs - confirm against the caller.
     $sessionMatch = 'ses_id = ' . $database->fullQuoteStr($GLOBALS['BE_USER']->id, 'be_sessions')
         . ' AND ses_name = ' . $database->fullQuoteStr(\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCookieName(), 'be_sessions')
         . ' AND ses_userid=' . intval($GLOBALS['BE_USER']->user['uid']);
     $database->exec_UPDATEquery('be_sessions', $sessionMatch, $restoredSession);
     // NOTE(review): the session id itself is left unchanged by this block although the
     // identity bound to it changes; check whether it is rotated elsewhere.
     $loginSuffix = $GLOBALS['TYPO3_CONF_VARS']['BE']['interfaces'] ? '' : '?commandLI=1';
     \TYPO3\CMS\Core\Utility\HttpUtility::redirect($GLOBALS['BACK_PATH'] . 'index.php' . $loginSuffix);
 }
コード例 #2
 /**
  * Creates the backend user object and returns it.
  *
  * @return \TYPO3\CMS\Backend\FrontendBackendUserAuthentication the backend user object
  */
 public function initializeBackendUser()
 {
     // PRE BE_USER HOOK
     // Every callable registered under SC_OPTIONS['tslib/index_ts.php']['preBeUser'] is invoked
     // with an empty parameter array and $this, before any backend session is examined.
     if (is_array($this->TYPO3_CONF_VARS['SC_OPTIONS']['tslib/index_ts.php']['preBeUser'])) {
         foreach ($this->TYPO3_CONF_VARS['SC_OPTIONS']['tslib/index_ts.php']['preBeUser'] as $_funcRef) {
             $_params = array();
             \TYPO3\CMS\Core\Utility\GeneralUtility::callUserFunction($_funcRef, $_params, $this);
         }
     }
     /** @var $BE_USER \TYPO3\CMS\Backend\FrontendBackendUserAuthentication */
     $BE_USER = NULL;
     // If the backend cookie is set,
     // we proceed and check if a backend user is logged in.
     // The cookie's presence only gates the work below; its value is not inspected here.
     // NOTE(review): the key is read without isset(), so a request that carries no backend
     // cookie triggers an undefined-index notice on this line.
     if ($_COOKIE[\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCookieName()]) {
         $GLOBALS['TYPO3_MISC']['microtime_BE_USER_start'] = microtime(TRUE);
         $GLOBALS['TT']->push('Back End user initialized', '');
         // TODO: validate the comment below: is this necessary? if so,
         // formfield_status should be set to "" in t3lib_tsfeBeUserAuth
         // which is a subclass of t3lib_beUserAuth
         // ----
         // the value this->formfield_status is set to empty in order to
         // disable login-attempts to the backend account through this script
         // New backend user object
         $BE_USER = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Backend\\FrontendBackendUserAuthentication');
         $BE_USER->OS = TYPO3_OS;
         // The IP-lock setting is copied from configuration before the object is started.
         $BE_USER->lockIP = $this->TYPO3_CONF_VARS['BE']['lockIP'];
         // Object is initialized
         // (presumably start() resolves the session from the cookie - confirm in the class)
         $BE_USER->start();
         $BE_USER->unpack_uc('');
         // Group data is fetched and the login flag raised as soon as a uid is present;
         // the access checks follow only afterwards and can revoke both.
         if ($BE_USER->user['uid']) {
             $BE_USER->fetchGroupData();
             $this->beUserLogin = 1;
         }
         // Unset the user initialization.
         // Failing the IP-lock check, failing the init.php access-settings check, or having
         // no uid each discard the user object and reset the login flag.
         if (!$BE_USER->checkLockToIP() || !$BE_USER->checkBackendAccessSettingsFromInitPhp() || !$BE_USER->user['uid']) {
             $BE_USER = NULL;
             $this->beUserLogin = 0;
             $_SESSION['TYPO3-TT-start'] = FALSE;
         }
         $GLOBALS['TT']->pull();
         $GLOBALS['TYPO3_MISC']['microtime_BE_USER_end'] = microtime(TRUE);
     }
     // POST BE_USER HOOK
     // Hooks receive $BE_USER by reference, so a hook can replace or clear the object that is
     // returned below. NOTE(review): such a replacement happens after the IP-lock and access
     // checks above, and beUserLogin is not re-evaluated in this method afterwards.
     if (is_array($this->TYPO3_CONF_VARS['SC_OPTIONS']['tslib/index_ts.php']['postBeUser'])) {
         $_params = array('BE_USER' => &$BE_USER);
         foreach ($this->TYPO3_CONF_VARS['SC_OPTIONS']['tslib/index_ts.php']['postBeUser'] as $_funcRef) {
             \TYPO3\CMS\Core\Utility\GeneralUtility::callUserFunction($_funcRef, $_params, $this);
         }
     }
     // NULL when no backend cookie was sent or the checks above rejected the session.
     return $BE_USER;
 }
コード例 #3
 /**
  * Switches to a given user (SU-mode) and then redirects to the start page of the backend to refresh the navigation etc.
  *
  * @param string $switchUser BE-user record that will be switched to
  * @param boolean $switchBack
  * @return void
  */
 protected function switchUser($switchUser, $switchBack = FALSE)
 {
     $targetUser = \TYPO3\CMS\Backend\Utility\BackendUtility::getRecord('be_users', $switchUser);
     // Nothing happens unless the target record exists and the acting user is an admin.
     // NOTE(review): no request-token check is visible in this block; presumably the caller
     // performs it - confirm.
     if (!is_array($targetUser) || !$GLOBALS['BE_USER']->isAdmin()) {
         return;
     }
     $sessionChange = array('ses_userid' => $targetUser['uid']);
     // User switchback or replace current session?
     if ($switchBack) {
         // Remember the acting admin so the session can later be handed back.
         $sessionChange['ses_backuserid'] = (int) $GLOBALS['BE_USER']->user['uid'];
         // Set backend user listing module as starting module for switchback
         // (the module name appears masked in this listing)
         $GLOBALS['BE_USER']->uc['startModuleOnFirstLogin'] = '******';
         $GLOBALS['BE_USER']->writeUC();
     }
     $database = $GLOBALS['TYPO3_DB'];
     // The update is limited to the caller's own session row: session id, cookie name and
     // current user id must all match.
     $conditions = array(
         'ses_id=' . $database->fullQuoteStr($GLOBALS['BE_USER']->id, 'be_sessions'),
         'ses_name=' . $database->fullQuoteStr(\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCookieName(), 'be_sessions'),
         'ses_userid=' . (int) $GLOBALS['BE_USER']->user['uid'],
     );
     $database->exec_UPDATEquery('be_sessions', implode(' AND ', $conditions), $sessionChange);
     // NOTE(review): the session id is reused for the new identity; no rotation or audit
     // logging of the switch is visible in this block.
     $loginSuffix = $GLOBALS['TYPO3_CONF_VARS']['BE']['interfaces'] ? '' : '?commandLI=1';
     \TYPO3\CMS\Core\Utility\HttpUtility::redirect($GLOBALS['BACK_PATH'] . 'index.php' . $loginSuffix);
 }
コード例 #4
    /**
     * Checking, if we should perform some sort of redirection OR closing of windows.
     *
     * Do redirect:
     *
     * If a user is logged in AND
     *   a) if either the login is just done (isLoginInProgress) or
     *   b) a loginRefresh is done
     *
     * @throws \RuntimeException
     * @throws \UnexpectedValueException
     */
    protected function checkRedirect()
    {
        // Leave without redirecting when no user is logged in and either a login attempt is
        // still in progress or this is not a login-refresh request.
        if (empty($this->getBackendUserAuthentication()->user['uid']) && ($this->isLoginInProgress() || !$this->loginRefresh)) {
            return;
        }
        /*
         * If no cookie has been set previously, we tell people that this is a problem.
         * This assumes that a cookie-setting script (like this one) has been hit at
         * least once prior to this instance.
         */
        // NOTE(review): the cookie key is read without isset(); when the cookie is absent this
        // line raises an undefined-index notice before the branch is taken.
        if (!$_COOKIE[BackendUserAuthentication::getCookieName()]) {
            if ($this->submitValue === 'setCookie') {
                /*
                 * we tried it a second time but still no cookie
                 * 26/4 2005: This does not work anymore, because the saving of challenge values
                 * in $_SESSION means the system will act as if the password was wrong.
                 */
                throw new \RuntimeException('Login-error: Yeah, that\'s a classic. No cookies, no TYPO3. ' . 'Please accept cookies from TYPO3 - otherwise you\'ll not be able to use the system.', 1294586846);
            } else {
                // try it once again - that might be needed for auto login
                // NOTE(review): this retry target is overwritten below whenever TSconfig or a
                // recognised 'interface' value supplies a redirect target.
                $this->redirectToURL = 'index.php?commandLI=setCookie';
            }
        }
        // A redirect target from user TSconfig takes precedence over the interface selection.
        // It is used as-is; no validation of the value is visible in this block.
        $redirectToUrl = (string) $this->getBackendUserAuthentication()->getTSConfigVal('auth.BE.redirectToURL');
        if (empty($redirectToUrl)) {
            // Based on the interface we set the redirect script
            // The request parameter only selects between two fixed targets; any other value
            // leaves redirectToURL as it was and stores an empty interface name.
            switch (GeneralUtility::_GP('interface')) {
                case 'frontend':
                    $interface = 'frontend';
                    $this->redirectToURL = '../';
                    break;
                case 'backend':
                    $interface = 'backend';
                    $this->redirectToURL = BackendUtility::getModuleUrl('main');
                    break;
                default:
                    $interface = '';
            }
        } else {
            $this->redirectToURL = $redirectToUrl;
            $interface = '';
        }
        // store interface
        $this->getBackendUserAuthentication()->uc['interfaceSetup'] = $interface;
        $this->getBackendUserAuthentication()->writeUC();
        // The token handling below is only defined for the backend implementation, so any
        // other FormProtection instance aborts the request instead of being used.
        $formProtection = FormProtectionFactory::get();
        if (!$formProtection instanceof BackendFormProtection) {
            throw new \RuntimeException('The Form Protection retrieved does not match the expected one.', 1432080411);
        }
        if ($this->loginRefresh) {
            // Login refresh in a popup: take over the session token from the registry, persist
            // it, then let the opener resume and close this window. No redirect is sent.
            $formProtection->setSessionTokenFromRegistry();
            $formProtection->persistSessionToken();
            $this->getDocumentTemplate()->JScode .= $this->getDocumentTemplate()->wrapScriptTags('
				if (parent.opener && parent.opener.TYPO3 && parent.opener.TYPO3.LoginRefresh) {
					parent.opener.TYPO3.LoginRefresh.startTask();
					parent.close();
				}
			');
        } else {
            // Regular login: hand the session token to the registry, then redirect.
            $formProtection->storeSessionTokenInRegistry();
            HttpUtility::redirect($this->redirectToURL);
        }
    }
コード例 #5
 /**
  * Update current session to move back to the original user.
  *
  * @param AbstractUserAuthentication $authentication
  * @return void
  */
 public function switchBackToOriginalUser(AbstractUserAuthentication $authentication)
 {
     $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('be_sessions');
     // Restore the original user id and clear the switch marker.
     // NOTE(review): nothing in this block checks that ses_backuserid is non-zero; the caller
     // is presumably responsible for invoking this only on a switched session - confirm.
     $update = $queryBuilder
         ->update('be_sessions')
         ->set('ses_userid', $authentication->user['ses_backuserid'])
         ->set('ses_backuserid', 0);
     // All three values are passed as named parameters; the row must match the current
     // session id, the backend cookie name and the currently active user id.
     $sameSessionId = $queryBuilder->expr()->eq(
         'ses_id',
         $queryBuilder->createNamedParameter($GLOBALS['BE_USER']->id, \PDO::PARAM_STR)
     );
     $sameCookieName = $queryBuilder->expr()->eq(
         'ses_name',
         $queryBuilder->createNamedParameter(BackendUserAuthentication::getCookieName(), \PDO::PARAM_STR)
     );
     $sameUser = $queryBuilder->expr()->eq(
         'ses_userid',
         $queryBuilder->createNamedParameter($GLOBALS['BE_USER']->user['uid'], \PDO::PARAM_INT)
     );
     $update->where($sameSessionId, $sameCookieName, $sameUser)->execute();
 }
コード例 #6
 /**
  * Switches to a given user (SU-mode) and then redirects to the start page of the backend to refresh the navigation etc.
  *
  * @param array $switchUser BE-user record that will be switched to
  * @param boolean $switchBack
  * @return void
  */
 protected function switchUser($switchUser, $switchBack = FALSE)
 {
     $targetUser = \TYPO3\CMS\Backend\Utility\BackendUtility::getRecord('be_users', $switchUser);
     // Both conditions must hold: the target record was found and the acting user is an admin.
     // NOTE(review): $switchUser is handed to getRecord() as the record identifier, although
     // the docblock above this method describes it as an array - confirm which is intended.
     if (!is_array($targetUser) || !$GLOBALS['BE_USER']->isAdmin()) {
         return;
     }
     $sessionChange = array('ses_userid' => $targetUser['uid']);
     // User switchback or replace current session?
     if ($switchBack) {
         // Keeping the admin's uid in ses_backuserid is what makes a later switch-back possible;
         // without it the session is simply taken over by the target user.
         $sessionChange['ses_backuserid'] = intval($GLOBALS['BE_USER']->user['uid']);
     }
     $database = $GLOBALS['TYPO3_DB'];
     // Restrict the update to the caller's own session row.
     $ownSession = 'ses_id=' . $database->fullQuoteStr($GLOBALS['BE_USER']->id, 'be_sessions');
     $ownSession .= ' AND ses_name=' . $database->fullQuoteStr(\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCookieName(), 'be_sessions');
     $ownSession .= ' AND ses_userid=' . intval($GLOBALS['BE_USER']->user['uid']);
     $database->exec_UPDATEquery('be_sessions', $ownSession, $sessionChange);
     // NOTE(review): the existing session id now belongs to a different user; no id rotation
     // or logging of the switch is visible in this block.
     $redirectUrl = $GLOBALS['BACK_PATH'] . 'index.php';
     if (!$GLOBALS['TYPO3_CONF_VARS']['BE']['interfaces']) {
         $redirectUrl .= '?commandLI=1';
     }
     \TYPO3\CMS\Core\Utility\HttpUtility::redirect($redirectUrl);
 }
コード例 #7
 /**
  * Update current session to move back to the original user.
  *
  * @param \TYPO3\CMS\Core\Authentication\AbstractUserAuthentication $authentication
  * @return void
  */
 public function switchBackToOriginalUser(\TYPO3\CMS\Core\Authentication\AbstractUserAuthentication $authentication)
 {
     // Restore the original user id and clear the switch marker.
     // NOTE(review): no check that ses_backuserid is set is visible here; presumably the
     // caller only invokes this for a switched session - confirm.
     $restoredSession = array(
         'ses_userid' => $authentication->user['ses_backuserid'],
         'ses_backuserid' => 0,
     );
     $database = $GLOBALS['TYPO3_DB'];
     // String values are quoted by the database layer and the uid is cast to int, so the
     // clause is assembled from escaped or numeric parts only.
     $quotedSessionId = $database->fullQuoteStr($GLOBALS['BE_USER']->id, 'be_sessions');
     $quotedCookieName = $database->fullQuoteStr(\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCookieName(), 'be_sessions');
     $currentUserId = (int) $GLOBALS['BE_USER']->user['uid'];
     $ownSession = 'ses_id = ' . $quotedSessionId . ' AND ses_name = ' . $quotedCookieName . ' AND ses_userid=' . $currentUserId;
     $database->exec_UPDATEquery('be_sessions', $ownSession, $restoredSession);
 }
コード例 #8
 /**
  * Check whether the user was already authorized or not
  *
  * @return boolean
  */
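 protected function hasLoginBeenProcessed()
 {
     $loginFormData = $GLOBALS['BE_USER']->getLoginFormData();
     // The status is compared strictly: a loose comparison would also accept non-string
     // values such as TRUE (and, on older PHP versions, integer 0) as 'login'.
     if (!isset($loginFormData['status']) || $loginFormData['status'] !== 'login') {
         return FALSE;
     }
     // User name, credential and challenge value must all have been submitted.
     if (!isset($loginFormData['uname'], $loginFormData['uident'], $loginFormData['chalvalue'])) {
         return FALSE;
     }
     // A missing cookie is treated as an empty value instead of reading an undefined index.
     $cookieName = \TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCookieName();
     $cookieValue = isset($_COOKIE[$cookieName]) ? (string) $_COOKIE[$cookieName] : '';
     // The login counts as processed when the cookie sent with this request differs from the
     // current session id.
     // NOTE(review): presumably a new session id was issued during authentication - confirm.
     return $cookieValue !== (string) $GLOBALS['BE_USER']->id;
 }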
コード例 #9
 /**
  * Switches to a given user (SU-mode) and then redirects to the start page of the backend to refresh the navigation etc.
  *
  * @param string $switchUser BE-user record that will be switched to
  * @return void
  */
 protected function switchUser($switchUser)
 {
     $targetUser = \TYPO3\CMS\Backend\Utility\BackendUtility::getRecord('be_users', $switchUser);
     // Only an admin may switch, and only to an existing be_users record.
     // NOTE(review): no request-token check is visible in this block; presumably the caller
     // performs it - confirm.
     if (!is_array($targetUser) || !$this->getBackendUserAuthentication()->isAdmin()) {
         return;
     }
     // Set backend user listing module as starting module for switchback
     // (the module name appears masked in this listing)
     $this->getBackendUserAuthentication()->uc['startModuleOnFirstLogin'] = '******';
     $this->getBackendUserAuthentication()->writeUC();
     $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('be_sessions');
     $update = $queryBuilder->update('be_sessions');
     // The row must match the current session id, the backend cookie name and the acting
     // user's id; all three are bound as named parameters.
     $sameSessionId = $queryBuilder->expr()->eq(
         'ses_id',
         $queryBuilder->createNamedParameter($this->getBackendUserAuthentication()->id, \PDO::PARAM_STR)
     );
     $sameCookieName = $queryBuilder->expr()->eq(
         'ses_name',
         $queryBuilder->createNamedParameter(\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCookieName(), \PDO::PARAM_STR)
     );
     $sameUser = $queryBuilder->expr()->eq(
         'ses_userid',
         $queryBuilder->createNamedParameter($this->getBackendUserAuthentication()->user['uid'], \PDO::PARAM_INT)
     );
     // ses_backuserid always records the acting admin, so this variant can always switch back.
     // NOTE(review): the session id is reused for the new identity; no rotation or audit
     // logging of the switch is visible in this block.
     $update
         ->where($sameSessionId, $sameCookieName, $sameUser)
         ->set('ses_userid', (int) $targetUser['uid'])
         ->set('ses_backuserid', (int) $this->getBackendUserAuthentication()->user['uid'])
         ->execute();
     $loginSuffix = $GLOBALS['TYPO3_CONF_VARS']['BE']['interfaces'] ? '' : '?commandLI=1';
     \TYPO3\CMS\Core\Utility\HttpUtility::redirect('index.php' . $loginSuffix);
 }
コード例 #10
    /**
     * Checking, if we should perform some sort of redirection OR closing of windows.
     *
     * @return void
     * @todo Define visibility
     */
    public function checkRedirect()
    {
        // Do redirect:
        // If a user is logged in AND a) the login has just been done (isLoginInProgress), or b) a loginRefresh is done, or c) the interface selector is NOT enabled (if it is enabled, an interface should not be loaded automatically, because the user has to choose one first).
        if (!empty($GLOBALS['BE_USER']->user['uid']) && ($this->isLoginInProgress() || $this->loginRefresh || !$this->interfaceSelector)) {
            // If no cookie has been set previously we tell people that this is a problem. This assumes that a cookie-setting script (like this one) has been hit at least once prior to this instance.
            // NOTE(review): the cookie key is read without isset(); an absent cookie raises an undefined-index notice here.
            if (!$_COOKIE[\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCookieName()]) {
                // NOTE(review): loose comparison; commandLI is compared with == rather than ===.
                if ($this->commandLI == 'setCookie') {
                    // we tried it a second time but still no cookie
                    // 26/4 2005: This does not work anymore, because the saving of challenge values in $_SESSION means the system will act as if the password was wrong.
                    // The message text contains HTML line breaks; whatever renders it has to account for that.
                    throw new \RuntimeException('Login-error: Yeah, that\'s a classic. No cookies, no TYPO3.<br /><br />Please accept cookies from TYPO3 - otherwise you\'ll not be able to use the system.', 1294586846);
                } else {
                    // try it once again - that might be needed for auto login
                    $this->redirectToURL = 'index.php?commandLI=setCookie';
                }
            }
            // A redirect target from user TSconfig replaces any target set so far and clears the
            // selected interface. The value is used as-is; no validation is visible in this block.
            if ($redirectToURL = (string) $GLOBALS['BE_USER']->getTSConfigVal('auth.BE.redirectToURL')) {
                $this->redirectToURL = $redirectToURL;
                $this->GPinterface = '';
            }
            // store interface
            $GLOBALS['BE_USER']->uc['interfaceSetup'] = $this->GPinterface;
            $GLOBALS['BE_USER']->writeUC();
            // Based on specific setting of interface we set the redirect script:
            // Only the three listed values change the target, and each maps to a fixed path.
            switch ($this->GPinterface) {
                case 'backend':
                case 'backend_old':
                    $this->redirectToURL = 'backend.php';
                    break;
                case 'frontend':
                    $this->redirectToURL = '../';
                    break;
            }
            /** @var $formProtection \TYPO3\CMS\Core\FormProtection\BackendFormProtection */
            // NOTE(review): the type is asserted by the annotation only; nothing here verifies at
            // runtime which FormProtection implementation the factory returned.
            $formProtection = \TYPO3\CMS\Core\FormProtection\FormProtectionFactory::get();
            // If there is a redirect URL AND if loginRefresh is not set...
            if (!$this->loginRefresh) {
                // Regular login: hand the session token to the registry, then redirect.
                $formProtection->storeSessionTokenInRegistry();
                HttpUtility::redirect($this->redirectToURL);
            } else {
                // Login refresh in a popup: take the session token from the registry, persist it,
                // then notify the opener window and close this one. No redirect is sent.
                $formProtection->setSessionTokenFromRegistry();
                $formProtection->persistSessionToken();
                $GLOBALS['TBE_TEMPLATE']->JScode .= $GLOBALS['TBE_TEMPLATE']->wrapScriptTags('
					if (parent.opener && (parent.opener.busy || parent.opener.TYPO3.loginRefresh)) {
						if (parent.opener.TYPO3.loginRefresh) {
							parent.opener.TYPO3.loginRefresh.startTimer();
						} else {
							parent.opener.busy.loginRefreshed();
						}
						parent.close();
					}
				');
            }
        } elseif (empty($GLOBALS['BE_USER']->user['uid']) && $this->isLoginInProgress()) {
            // Wrong password, wait for 5 seconds
            // NOTE(review): the delay applies to this single request and keeps it occupied for
            // its duration; no per-account or per-address attempt counter is visible in this block.
            sleep(5);
        }
    }
コード例 #11
ファイル: index_ts.php プロジェクト: nicksergio/TYPO3v4-Core
 * This is the MAIN DOCUMENT of the TypoScript driven standard front-end (from the "cms" extension)
 * Basically put this is the "index.php" script which all requests for TYPO3 delivered pages goes to in the frontend (the website)
 * The script configures constants, includes libraries and does a little logic here and there in order to instantiate the right classes to create the webpage.
 * All the real data processing goes on in the "tslib/" classes which this script will include and use as needed.
 *
 * Revised for TYPO3 3.6 June/2003 by Kasper Skårhøj
 *
 * @author Kasper Skårhøj <*****@*****.**>
 */
// Mark this request as a frontend request before the bootstrap runs.
define('TYPO3_MODE', 'FE');
// Bootstrap sequence: start output buffering, load the configuration, load the extensions'
// ext_localconf files, then apply additional configuration settings.
\TYPO3\CMS\Core\Core\Bootstrap::getInstance()->startOutputBuffering()->loadConfigurationAndInitialize()->loadTypo3LoadedExtAndExtLocalconf(TRUE)->applyAdditionalConfigurationSettings();
// Abort with a fixed message when the "cms" extension is not loaded.
if (!\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('cms')) {
    die('<strong>Error:</strong> The main frontend extension "cms" was not loaded. Enable it in the extension manager in the backend.');
}
// Timetracking started
// The real time tracker is chosen whenever a cookie with the backend cookie name is present;
// the cookie value is not validated at this point, so this is not a login check.
// NOTE(review): the key is read without isset(), so requests without that cookie raise an
// undefined-index notice here.
if ($_COOKIE[\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCookieName()]) {
    require_once PATH_t3lib . 'class.t3lib_timetrack.php';
    $TT = new \TYPO3\CMS\Core\TimeTracker\TimeTracker();
} else {
    // Without the cookie the null implementation is loaded instead.
    require_once PATH_t3lib . 'class.t3lib_timetracknull.php';
    $TT = new t3lib_timeTrackNull();
}
$TT->start();
\TYPO3\CMS\Core\Core\Bootstrap::getInstance()->initializeTypo3DbGlobal(FALSE);
// Hook to preprocess the current request:
if (is_array($TYPO3_CONF_VARS['SC_OPTIONS']['tslib/index_ts.php']['preprocessRequest'])) {
    foreach ($TYPO3_CONF_VARS['SC_OPTIONS']['tslib/index_ts.php']['preprocessRequest'] as $hookFunction) {
        $hookParameters = array();
        \TYPO3\CMS\Core\Utility\GeneralUtility::callUserFunction($hookFunction, $hookParameters, $hookParameters);
    }
    unset($hookFunction);
コード例 #12
 /**
  * Update current session to move back to the original user.
  *
  * @param AbstractUserAuthentication $authentication
  * @return void
  */
 public function switchBackToOriginalUser(AbstractUserAuthentication $authentication)
 {
     // Restore the original user id and clear the switch marker.
     // NOTE(review): no check that ses_backuserid is set is visible here; presumably the
     // caller only invokes this for a switched session - confirm.
     $restoredSession = array(
         'ses_userid' => $authentication->user['ses_backuserid'],
         'ses_backuserid' => 0,
     );
     $db = $this->getDatabaseConnection();
     // Only the caller's own session row may match: session id, cookie name and current
     // user id are all required. Strings are quoted by the database layer, the uid is an int.
     $conditions = array(
         'ses_id = ' . $db->fullQuoteStr($GLOBALS['BE_USER']->id, 'be_sessions'),
         'ses_name = ' . $db->fullQuoteStr(BackendUserAuthentication::getCookieName(), 'be_sessions'),
         'ses_userid=' . (int) $GLOBALS['BE_USER']->user['uid'],
     );
     $db->exec_UPDATEquery('be_sessions', implode(' AND ', $conditions), $restoredSession);
 }
コード例 #13
 /**
  * Creates the backend user object and returns it.
  *
  * @return FrontendBackendUserAuthentication the backend user object
  */
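 public function initializeBackendUser()
 {
     // PRE BE_USER HOOK
     // Every registered callable runs with an empty parameter array and $this, before any
     // backend session is examined. isset() keeps an unconfigured hook list from raising
     // an undefined-index notice.
     if (
         isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/index_ts.php']['preBeUser'])
         && is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/index_ts.php']['preBeUser'])
     ) {
         foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/index_ts.php']['preBeUser'] as $_funcRef) {
             $_params = [];
             GeneralUtility::callUserFunction($_funcRef, $_params, $this);
         }
     }
     /** @var $BE_USER FrontendBackendUserAuthentication */
     $BE_USER = null;
     // If the backend cookie is set,
     // we proceed and check if a backend user is logged in.
     // The cookie's presence only gates the work below; its value is not inspected here.
     // !empty() gives the same truthiness test as the bare array read, without a notice on
     // requests that carry no backend cookie.
     if (!empty($_COOKIE[BackendUserAuthentication::getCookieName()])) {
         $GLOBALS['TYPO3_MISC']['microtime_BE_USER_start'] = microtime(true);
         $this->getTimeTracker()->push('Back End user initialized', '');
         // @todo validate the comment below: is this necessary? if so,
         //   formfield_status should be set to "" in \TYPO3\CMS\Backend\FrontendBackendUserAuthentication
         //   which is a subclass of \TYPO3\CMS\Core\Authentication\BackendUserAuthentication
         // ----
         // the value this->formfield_status is set to empty in order to
         // disable login-attempts to the backend account through this script
         // New backend user object
         $BE_USER = GeneralUtility::makeInstance(FrontendBackendUserAuthentication::class);
         // Object is initialized
         // (presumably start() resolves the session from the cookie - confirm in the class)
         $BE_USER->start();
         $BE_USER->unpack_uc();
         // Group data is fetched and the login flag raised as soon as a uid is present;
         // the access checks follow only afterwards and can revoke both.
         if (!empty($BE_USER->user['uid'])) {
             $BE_USER->fetchGroupData();
             $this->beUserLogin = true;
         }
         // Unset the user initialization.
         // Failing the IP-lock check, failing the init.php access-settings check, or having
         // no uid each discard the user object and reset the login flag.
         if (!$BE_USER->checkLockToIP() || !$BE_USER->checkBackendAccessSettingsFromInitPhp() || empty($BE_USER->user['uid'])) {
             $BE_USER = null;
             $this->beUserLogin = false;
         }
         $this->getTimeTracker()->pull();
         $GLOBALS['TYPO3_MISC']['microtime_BE_USER_end'] = microtime(true);
     }
     // POST BE_USER HOOK
     // Hooks receive $BE_USER by reference, so a hook can replace or clear the object that is
     // returned below. NOTE(review): such a replacement happens after the IP-lock and access
     // checks above, and beUserLogin is not re-evaluated in this method afterwards.
     if (
         isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/index_ts.php']['postBeUser'])
         && is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/index_ts.php']['postBeUser'])
     ) {
         $_params = ['BE_USER' => &$BE_USER];
         foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/index_ts.php']['postBeUser'] as $_funcRef) {
             GeneralUtility::callUserFunction($_funcRef, $_params, $this);
         }
     }
     // null when no backend cookie was sent or the checks above rejected the session.
     return $BE_USER;
 }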