/**
 * Hook run on backend logoff: when the current backend session was entered
 * via "switch user", restore the original user instead of logging off.
 *
 * The UPDATE is restricted to the caller's own be_sessions row (session id,
 * backend cookie name and the currently active user id), so no other session
 * can be rewritten. ses_backuserid is reset to 0 so the switch-back cannot be
 * repeated from the restored session. Afterwards the request is redirected to
 * the backend entry script (BACK_PATH-based, not request-controlled).
 *
 * @param array $params Hook parameters (not used here)
 * @param \TYPO3\CMS\Core\Authentication\AbstractUserAuthentication $that The authentication object being logged off
 * @return void
 * @see t3lib_userauth::logoff()
 * @todo Define visibility
 */
public function switchBack($params, $that) {
    // Only a backend session that actually carries a switched-from user is handled
    $isSwitchedBackendSession = $that->session_table === 'be_sessions'
        && $that->user['uid']
        && $that->user['ses_backuserid'];
    if (!$isSwitchedBackendSession) {
        return;
    }
    $db = $GLOBALS['TYPO3_DB'];
    $currentUser = $GLOBALS['BE_USER'];
    // @TODO: Move update functionality to Tx_Beuser_Domain_Repository_BackendUserSessionRepository
    $whereClause = 'ses_id = ' . $db->fullQuoteStr($currentUser->id, 'be_sessions')
        . ' AND ses_name = ' . $db->fullQuoteStr(\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCookieName(), 'be_sessions')
        . ' AND ses_userid=' . intval($currentUser->user['uid']);
    $db->exec_UPDATEquery('be_sessions', $whereClause, array(
        'ses_userid' => $that->user['ses_backuserid'],
        'ses_backuserid' => 0
    ));
    $needsCommandLI = !$GLOBALS['TYPO3_CONF_VARS']['BE']['interfaces'];
    $redirectUrl = $GLOBALS['BACK_PATH'] . 'index.php' . ($needsCommandLI ? '?commandLI=1' : '');
    \TYPO3\CMS\Core\Utility\HttpUtility::redirect($redirectUrl);
}
/**
 * Creates the backend user object and returns it.
 *
 * Runs the "preBeUser" hooks first. Only when the backend session cookie is
 * present is a FrontendBackendUserAuthentication created and started; the
 * object is discarded again (NULL, beUserLogin = 0) if the IP lock check, the
 * backend access settings check or the user lookup fails, so the cookie alone
 * never yields a logged-in backend user. The "postBeUser" hooks run last and
 * receive $BE_USER by reference, so they may replace it.
 *
 * @return \TYPO3\CMS\Backend\FrontendBackendUserAuthentication the backend user object, or NULL when no valid backend login exists
 */
public function initializeBackendUser() {
    // PRE BE_USER HOOK
    if (is_array($this->TYPO3_CONF_VARS['SC_OPTIONS']['tslib/index_ts.php']['preBeUser'])) {
        foreach ($this->TYPO3_CONF_VARS['SC_OPTIONS']['tslib/index_ts.php']['preBeUser'] as $_funcRef) {
            $_params = array();
            \TYPO3\CMS\Core\Utility\GeneralUtility::callUserFunction($_funcRef, $_params, $this);
        }
    }
    /** @var $BE_USER \TYPO3\CMS\Backend\FrontendBackendUserAuthentication */
    $BE_USER = NULL;
    // If the backend cookie is set,
    // we proceed and check if a backend user is logged in.
    // (The cookie is read without isset(); a missing cookie produces an undefined-index notice.)
    if ($_COOKIE[\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCookieName()]) {
        $GLOBALS['TYPO3_MISC']['microtime_BE_USER_start'] = microtime(TRUE);
        $GLOBALS['TT']->push('Back End user initialized', '');
        // TODO: validate the comment below: is this necessary? if so,
        // formfield_status should be set to "" in t3lib_tsfeBeUserAuth
        // which is a subclass of t3lib_beUserAuth
        // ----
        // the value this->formfield_status is set to empty in order to
        // disable login-attempts to the backend account through this script
        // New backend user object
        $BE_USER = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Backend\\FrontendBackendUserAuthentication');
        $BE_USER->OS = TYPO3_OS;
        // lockIP is taken from the BE configuration; presumably consumed by checkLockToIP() below — confirm
        $BE_USER->lockIP = $this->TYPO3_CONF_VARS['BE']['lockIP'];
        // Object is initialized
        $BE_USER->start();
        $BE_USER->unpack_uc('');
        // Group data is fetched before the lock/access checks; the checks below may still discard the object
        if ($BE_USER->user['uid']) {
            $BE_USER->fetchGroupData();
            $this->beUserLogin = 1;
        }
        // Unset the user initialization.
        // Any failed check turns the request into an anonymous one, regardless of the cookie.
        if (!$BE_USER->checkLockToIP() || !$BE_USER->checkBackendAccessSettingsFromInitPhp() || !$BE_USER->user['uid']) {
            $BE_USER = NULL;
            $this->beUserLogin = 0;
            $_SESSION['TYPO3-TT-start'] = FALSE;
        }
        $GLOBALS['TT']->pull();
        $GLOBALS['TYPO3_MISC']['microtime_BE_USER_end'] = microtime(TRUE);
    }
    // POST BE_USER HOOK
    // $BE_USER is passed by reference, so a hook can replace or clear the object.
    if (is_array($this->TYPO3_CONF_VARS['SC_OPTIONS']['tslib/index_ts.php']['postBeUser'])) {
        $_params = array('BE_USER' => &$BE_USER);
        foreach ($this->TYPO3_CONF_VARS['SC_OPTIONS']['tslib/index_ts.php']['postBeUser'] as $_funcRef) {
            \TYPO3\CMS\Core\Utility\GeneralUtility::callUserFunction($_funcRef, $_params, $this);
        }
    }
    return $BE_USER;
}
/**
 * Switches the current backend session to another user (SU-mode) and then
 * redirects to the backend start page so the navigation etc. is rebuilt.
 *
 * Only an admin may switch, and only to an existing be_users record. The
 * UPDATE is limited to the caller's own be_sessions row (session id, cookie
 * name and current user id), so no foreign session is touched. With
 * $switchBack the current user id is kept in ses_backuserid so the switch can
 * be reverted later, and the user listing module becomes the start module.
 *
 * @param string $switchUser BE-user record that will be switched to
 * @param boolean $switchBack Remember the current user for a later switch-back
 * @return void
 */
protected function switchUser($switchUser, $switchBack = FALSE) {
    $targetUser = \TYPO3\CMS\Backend\Utility\BackendUtility::getRecord('be_users', $switchUser);
    if (!is_array($targetUser) || !$GLOBALS['BE_USER']->isAdmin()) {
        return;
    }
    $backendUser = $GLOBALS['BE_USER'];
    $db = $GLOBALS['TYPO3_DB'];
    $updateData = array('ses_userid' => $targetUser['uid']);
    // User switchback or replace current session?
    if ($switchBack) {
        $updateData['ses_backuserid'] = (int) $backendUser->user['uid'];
        // Set backend user listing module as starting module for switchback
        $backendUser->uc['startModuleOnFirstLogin'] = '******';
        $backendUser->writeUC();
    }
    $conditions = array(
        'ses_id=' . $db->fullQuoteStr($backendUser->id, 'be_sessions'),
        'ses_name=' . $db->fullQuoteStr(\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCookieName(), 'be_sessions'),
        'ses_userid=' . (int) $backendUser->user['uid']
    );
    $db->exec_UPDATEquery('be_sessions', implode(' AND ', $conditions), $updateData);
    $needsCommandLI = !$GLOBALS['TYPO3_CONF_VARS']['BE']['interfaces'];
    $redirectUrl = $GLOBALS['BACK_PATH'] . 'index.php' . ($needsCommandLI ? '?commandLI=1' : '');
    \TYPO3\CMS\Core\Utility\HttpUtility::redirect($redirectUrl);
}
/**
 * Checking, if we should perform some sort of redirection OR closing of windows.
 *
 * Do redirect:
 *
 * If a user is logged in AND
 * a) if either the login is just done (isLoginInProgress) or
 * b) a loginRefresh is done
 *
 * The redirect target is either the auth.BE.redirectToURL value from user
 * TSConfig (used as given) or one of two fixed targets chosen by the
 * "interface" request parameter; any other interface value leaves
 * redirectToURL as it is. For a loginRefresh no redirect happens; instead the
 * opener window is notified and this one closed.
 *
 * @throws \RuntimeException when the backend cookie is still missing after the setCookie retry, or the form protection is not the backend one
 * @throws \UnexpectedValueException
 */
protected function checkRedirect() {
    // NOTE(review): with no user logged in, a pending loginRefresh (and no login in progress)
    // still falls through to the code below — confirm this is intended.
    if (empty($this->getBackendUserAuthentication()->user['uid']) && ($this->isLoginInProgress() || !$this->loginRefresh)) {
        return;
    }
    /*
     * If no cookie has been set previously, we tell people that this is a problem.
     * This assumes that a cookie-setting script (like this one) has been hit at
     * least once prior to this instance.
     * (The cookie is read without isset(); a missing cookie produces a notice.)
     */
    if (!$_COOKIE[BackendUserAuthentication::getCookieName()]) {
        if ($this->submitValue === 'setCookie') {
            /*
             * we tried it a second time but still no cookie
             * 26/4 2005: This does not work anymore, because the saving of challenge values
             * in $_SESSION means the system will act as if the password was wrong.
             */
            throw new \RuntimeException('Login-error: Yeah, that\'s a classic. No cookies, no TYPO3. ' . 'Please accept cookies from TYPO3 - otherwise you\'ll not be able to use the system.', 1294586846);
        } else {
            // try it once again - that might be needed for auto login
            $this->redirectToURL = 'index.php?commandLI=setCookie';
        }
    }
    // A TSConfig-configured target wins over the interface parameter and clears the stored interface
    $redirectToUrl = (string) $this->getBackendUserAuthentication()->getTSConfigVal('auth.BE.redirectToURL');
    if (empty($redirectToUrl)) {
        // Based on the interface we set the redirect script
        // Only the two known values map to a target; the request value itself is never used as URL
        switch (GeneralUtility::_GP('interface')) {
            case 'frontend':
                $interface = 'frontend';
                $this->redirectToURL = '../';
                break;
            case 'backend':
                $interface = 'backend';
                $this->redirectToURL = BackendUtility::getModuleUrl('main');
                break;
            default:
                $interface = '';
        }
    } else {
        $this->redirectToURL = $redirectToUrl;
        $interface = '';
    }
    // store interface
    $this->getBackendUserAuthentication()->uc['interfaceSetup'] = $interface;
    $this->getBackendUserAuthentication()->writeUC();
    // The session token handling below relies on the backend implementation; refuse anything else
    $formProtection = FormProtectionFactory::get();
    if (!$formProtection instanceof BackendFormProtection) {
        throw new \RuntimeException('The Form Protection retrieved does not match the expected one.', 1432080411);
    }
    if ($this->loginRefresh) {
        // Refresh: re-use the token kept in the registry and hand control back to the opener window
        $formProtection->setSessionTokenFromRegistry();
        $formProtection->persistSessionToken();
        $this->getDocumentTemplate()->JScode .= $this->getDocumentTemplate()->wrapScriptTags(' if (parent.opener && parent.opener.TYPO3 && parent.opener.TYPO3.LoginRefresh) { parent.opener.TYPO3.LoginRefresh.startTask(); parent.close(); } ');
    } else {
        // Fresh login: keep the token for the next request, then leave this script
        $formProtection->storeSessionTokenInRegistry();
        HttpUtility::redirect($this->redirectToURL);
    }
}
/**
 * Update current session to move back to the original user.
 *
 * Rewrites the caller's own be_sessions row — matched by session id, backend
 * cookie name and the currently active user id — so that ses_userid becomes
 * the user remembered in ses_backuserid, and clears ses_backuserid so the
 * switch-back cannot be repeated.
 *
 * NOTE(review): ses_backuserid is not checked for being set here; callers are
 * expected to do that (a zero value would end up in ses_userid) — confirm.
 *
 * @param AbstractUserAuthentication $authentication Authentication object whose user record carries ses_backuserid
 * @return void
 */
public function switchBackToOriginalUser(AbstractUserAuthentication $authentication)
{
    $currentUser = $GLOBALS['BE_USER'];
    $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('be_sessions');
    $expressionBuilder = $queryBuilder->expr();
    $queryBuilder->update('be_sessions');
    $queryBuilder->set('ses_userid', $authentication->user['ses_backuserid']);
    $queryBuilder->set('ses_backuserid', 0);
    // Restrict the update to the session this request belongs to
    $queryBuilder->where(
        $expressionBuilder->eq('ses_id', $queryBuilder->createNamedParameter($currentUser->id, \PDO::PARAM_STR)),
        $expressionBuilder->eq('ses_name', $queryBuilder->createNamedParameter(BackendUserAuthentication::getCookieName(), \PDO::PARAM_STR)),
        $expressionBuilder->eq('ses_userid', $queryBuilder->createNamedParameter($currentUser->user['uid'], \PDO::PARAM_INT))
    );
    $queryBuilder->execute();
}
/**
 * Switches the current backend session to another user (SU-mode) and then
 * redirects to the backend start page so the navigation etc. is rebuilt.
 *
 * Only an admin may switch, and only to an existing be_users record. The
 * UPDATE is limited to the caller's own be_sessions row (session id, cookie
 * name and current user id). With $switchBack the current user id is kept in
 * ses_backuserid so the switch can be reverted later.
 *
 * @param array $switchUser BE-user record that will be switched to
 * @param boolean $switchBack Remember the current user for a later switch-back
 * @return void
 */
protected function switchUser($switchUser, $switchBack = FALSE) {
    $targetUser = \TYPO3\CMS\Backend\Utility\BackendUtility::getRecord('be_users', $switchUser);
    if (!is_array($targetUser)) {
        return;
    }
    $backendUser = $GLOBALS['BE_USER'];
    if (!$backendUser->isAdmin()) {
        return;
    }
    $db = $GLOBALS['TYPO3_DB'];
    $updateData = array('ses_userid' => $targetUser['uid']);
    // User switchback or replace current session?
    if ($switchBack) {
        $updateData['ses_backuserid'] = intval($backendUser->user['uid']);
    }
    $whereClause = 'ses_id=' . $db->fullQuoteStr($backendUser->id, 'be_sessions');
    $whereClause .= ' AND ses_name=' . $db->fullQuoteStr(\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCookieName(), 'be_sessions');
    $whereClause .= ' AND ses_userid=' . intval($backendUser->user['uid']);
    $db->exec_UPDATEquery('be_sessions', $whereClause, $updateData);
    $needsCommandLI = !$GLOBALS['TYPO3_CONF_VARS']['BE']['interfaces'];
    $redirectUrl = $GLOBALS['BACK_PATH'] . 'index.php' . ($needsCommandLI ? '?commandLI=1' : '');
    \TYPO3\CMS\Core\Utility\HttpUtility::redirect($redirectUrl);
}
/**
 * Update current session to move back to the original user.
 *
 * Rewrites the caller's own be_sessions row (session id, backend cookie name
 * and currently active user id) so that ses_userid becomes the user kept in
 * ses_backuserid, and clears ses_backuserid so the switch-back cannot be
 * repeated. Values are escaped via fullQuoteStr / (int) before being placed
 * in the WHERE clause.
 *
 * NOTE(review): ses_backuserid is not validated here; callers are expected to
 * check it is set — confirm.
 *
 * @param \TYPO3\CMS\Core\Authentication\AbstractUserAuthentication $authentication Authentication object whose user record carries ses_backuserid
 * @return void
 */
public function switchBackToOriginalUser(\TYPO3\CMS\Core\Authentication\AbstractUserAuthentication $authentication) {
    $db = $GLOBALS['TYPO3_DB'];
    $currentUser = $GLOBALS['BE_USER'];
    $whereClause = sprintf(
        'ses_id = %s AND ses_name = %s AND ses_userid=%d',
        $db->fullQuoteStr($currentUser->id, 'be_sessions'),
        $db->fullQuoteStr(\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCookieName(), 'be_sessions'),
        (int) $currentUser->user['uid']
    );
    $db->exec_UPDATEquery('be_sessions', $whereClause, array(
        'ses_userid' => $authentication->user['ses_backuserid'],
        'ses_backuserid' => 0
    ));
}
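/**
 * Check whether the user was already authorized or not
 *
 * TRUE when the submitted login form data is complete (status "login", user
 * name, identification value and challenge value all present) and the backend
 * session cookie does not carry the current session id, i.e. credentials were
 * posted but the session for them is not yet reflected in the cookie.
 *
 * The status is compared strictly, and the cookie lookup is guarded so a
 * missing cookie counts as an empty string instead of raising a notice.
 *
 * @return boolean
 */
protected function hasLoginBeenProcessed() {
    $loginFormData = $GLOBALS['BE_USER']->getLoginFormData();
    $cookieName = \TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCookieName();
    $cookieValue = isset($_COOKIE[$cookieName]) ? (string) $_COOKIE[$cookieName] : '';
    return isset($loginFormData['status'])
        && $loginFormData['status'] === 'login'
        && isset($loginFormData['uname'])
        && isset($loginFormData['uident'])
        && isset($loginFormData['chalvalue'])
        && $cookieValue !== (string) $GLOBALS['BE_USER']->id;
}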
/**
 * Switches the current backend session to another user (SU-mode) and then
 * redirects to the backend start page so the navigation etc. is rebuilt.
 *
 * Only an admin may switch, and only to an existing be_users record. The
 * UPDATE is limited to the caller's own be_sessions row (session id, cookie
 * name and current user id). The current user id is always kept in
 * ses_backuserid so the switch can be reverted, and the user listing module
 * is set as start module for that switch-back.
 *
 * @param string $switchUser BE-user record that will be switched to
 * @return void
 */
protected function switchUser($switchUser)
{
    $targetUser = \TYPO3\CMS\Backend\Utility\BackendUtility::getRecord('be_users', $switchUser);
    if (!is_array($targetUser)) {
        return;
    }
    $backendUser = $this->getBackendUserAuthentication();
    if (!$backendUser->isAdmin()) {
        return;
    }
    // Set backend user listing module as starting module for switchback
    $backendUser->uc['startModuleOnFirstLogin'] = '******';
    $backendUser->writeUC();
    $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('be_sessions');
    $expressionBuilder = $queryBuilder->expr();
    $queryBuilder->update('be_sessions');
    // Restrict the update to the session this request belongs to
    $queryBuilder->where(
        $expressionBuilder->eq('ses_id', $queryBuilder->createNamedParameter($backendUser->id, \PDO::PARAM_STR)),
        $expressionBuilder->eq('ses_name', $queryBuilder->createNamedParameter(\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCookieName(), \PDO::PARAM_STR)),
        $expressionBuilder->eq('ses_userid', $queryBuilder->createNamedParameter($backendUser->user['uid'], \PDO::PARAM_INT))
    );
    $queryBuilder->set('ses_userid', (int) $targetUser['uid']);
    $queryBuilder->set('ses_backuserid', (int) $backendUser->user['uid']);
    $queryBuilder->execute();
    $needsCommandLI = !$GLOBALS['TYPO3_CONF_VARS']['BE']['interfaces'];
    $redirectUrl = 'index.php' . ($needsCommandLI ? '?commandLI=1' : '');
    \TYPO3\CMS\Core\Utility\HttpUtility::redirect($redirectUrl);
}
/**
 * Checking, if we should perform some sort of redirection OR closing of windows.
 *
 * Redirects when a user is logged in AND
 * a) the login has just been done (isLoginInProgress), or
 * b) a loginRefresh is done, or
 * c) the interface selector is NOT enabled (if it is enabled, the user has to
 *    choose an interface first, so none is loaded automatically).
 * When no user is logged in but a login was attempted, the request is delayed
 * by five seconds before returning.
 *
 * @return void
 * @throws \RuntimeException when the backend cookie is still missing after the setCookie retry
 * @todo Define visibility
 */
public function checkRedirect() {
    if (!empty($GLOBALS['BE_USER']->user['uid']) && ($this->isLoginInProgress() || $this->loginRefresh || !$this->interfaceSelector)) {
        // If no cookie has been set previously we tell people that this is a problem.
        // This assumes that a cookie-setting script (like this one) has been hit at least once prior to this instance.
        // (The cookie is read without isset(); a missing cookie produces a notice.)
        if (!$_COOKIE[\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCookieName()]) {
            // loose comparison kept as in the original
            if ($this->commandLI == 'setCookie') {
                // we tried it a second time but still no cookie
                // 26/4 2005: This does not work anymore, because the saving of challenge values in $_SESSION means the system will act as if the password was wrong.
                throw new \RuntimeException('Login-error: Yeah, that\'s a classic. No cookies, no TYPO3.<br /><br />Please accept cookies from TYPO3 - otherwise you\'ll not be able to use the system.', 1294586846);
            } else {
                // try it once again - that might be needed for auto login
                $this->redirectToURL = 'index.php?commandLI=setCookie';
            }
        }
        // A target configured in user TSConfig wins and clears the interface,
        // so the interface switch below does not overwrite it.
        if ($redirectToURL = (string) $GLOBALS['BE_USER']->getTSConfigVal('auth.BE.redirectToURL')) {
            $this->redirectToURL = $redirectToURL;
            $this->GPinterface = '';
        }
        // store interface
        $GLOBALS['BE_USER']->uc['interfaceSetup'] = $this->GPinterface;
        $GLOBALS['BE_USER']->writeUC();
        // Based on specific setting of interface we set the redirect script:
        // only these fixed targets are used; any other value leaves redirectToURL untouched.
        switch ($this->GPinterface) {
            case 'backend':
            case 'backend_old':
                $this->redirectToURL = 'backend.php';
                break;
            case 'frontend':
                $this->redirectToURL = '../';
                break;
        }
        /** @var $formProtection \TYPO3\CMS\Core\FormProtection\BackendFormProtection */
        $formProtection = \TYPO3\CMS\Core\FormProtection\FormProtectionFactory::get();
        // If there is a redirect URL AND if loginRefresh is not set...
        if (!$this->loginRefresh) {
            // Fresh login: keep the session token for the next request, then leave this script
            $formProtection->storeSessionTokenInRegistry();
            HttpUtility::redirect($this->redirectToURL);
        } else {
            // Refresh: re-use the stored token and hand control back to the opener window
            $formProtection->setSessionTokenFromRegistry();
            $formProtection->persistSessionToken();
            $GLOBALS['TBE_TEMPLATE']->JScode .= $GLOBALS['TBE_TEMPLATE']->wrapScriptTags(' if (parent.opener && (parent.opener.busy || parent.opener.TYPO3.loginRefresh)) { if (parent.opener.TYPO3.loginRefresh) { parent.opener.TYPO3.loginRefresh.startTimer(); } else { parent.opener.busy.loginRefreshed(); } parent.close(); } ');
        }
    } elseif (empty($GLOBALS['BE_USER']->user['uid']) && $this->isLoginInProgress()) {
        // Wrong password, wait for 5 seconds
        // Slows down repeated password guessing per request; note the worker stays busy for that time.
        sleep(5);
    }
}
* This is the MAIN DOCUMENT of the TypoScript driven standard front-end (from the "cms" extension) * Basically put this is the "index.php" script which all requests for TYPO3 delivered pages goes to in the frontend (the website) * The script configures constants, includes libraries and does a little logic here and there in order to instantiate the right classes to create the webpage. * All the real data processing goes on in the "tslib/" classes which this script will include and use as needed. * * Revised for TYPO3 3.6 June/2003 by Kasper Skårhøj * * @author Kasper Skårhøj <*****@*****.**> */ define('TYPO3_MODE', 'FE'); \TYPO3\CMS\Core\Core\Bootstrap::getInstance()->startOutputBuffering()->loadConfigurationAndInitialize()->loadTypo3LoadedExtAndExtLocalconf(TRUE)->applyAdditionalConfigurationSettings(); if (!\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('cms')) { die('<strong>Error:</strong> The main frontend extension "cms" was not loaded. Enable it in the extension manager in the backend.'); } // Timetracking started if ($_COOKIE[\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCookieName()]) { require_once PATH_t3lib . 'class.t3lib_timetrack.php'; $TT = new \TYPO3\CMS\Core\TimeTracker\TimeTracker(); } else { require_once PATH_t3lib . 'class.t3lib_timetracknull.php'; $TT = new t3lib_timeTrackNull(); } $TT->start(); \TYPO3\CMS\Core\Core\Bootstrap::getInstance()->initializeTypo3DbGlobal(FALSE); // Hook to preprocess the current request: if (is_array($TYPO3_CONF_VARS['SC_OPTIONS']['tslib/index_ts.php']['preprocessRequest'])) { foreach ($TYPO3_CONF_VARS['SC_OPTIONS']['tslib/index_ts.php']['preprocessRequest'] as $hookFunction) { $hookParameters = array(); \TYPO3\CMS\Core\Utility\GeneralUtility::callUserFunction($hookFunction, $hookParameters, $hookParameters); } unset($hookFunction);
/**
 * Update current session to move back to the original user.
 *
 * Rewrites the caller's own be_sessions row (session id, backend cookie name
 * and currently active user id) so that ses_userid becomes the user kept in
 * ses_backuserid, and clears ses_backuserid so the switch-back cannot be
 * repeated. Values are escaped via fullQuoteStr / (int) before being placed
 * in the WHERE clause.
 *
 * NOTE(review): ses_backuserid is not validated here; callers are expected to
 * check it is set — confirm.
 *
 * @param AbstractUserAuthentication $authentication Authentication object whose user record carries ses_backuserid
 * @return void
 */
public function switchBackToOriginalUser(AbstractUserAuthentication $authentication) {
    $db = $this->getDatabaseConnection();
    $currentUser = $GLOBALS['BE_USER'];
    $conditions = array(
        'ses_id = ' . $db->fullQuoteStr($currentUser->id, 'be_sessions'),
        'ses_name = ' . $db->fullQuoteStr(BackendUserAuthentication::getCookieName(), 'be_sessions'),
        'ses_userid=' . (int) $currentUser->user['uid']
    );
    $db->exec_UPDATEquery('be_sessions', implode(' AND ', $conditions), array(
        'ses_userid' => $authentication->user['ses_backuserid'],
        'ses_backuserid' => 0
    ));
}
/**
 * Creates the backend user object and returns it.
 *
 * Runs the "preBeUser" hooks first. Only when the backend session cookie is
 * present is a FrontendBackendUserAuthentication created and started; the
 * object is discarded again (null, beUserLogin = false) if the IP lock check,
 * the backend access settings check or the user lookup fails, so the cookie
 * alone never yields a logged-in backend user. The "postBeUser" hooks run last
 * and receive $BE_USER by reference, so they may replace it.
 *
 * @return FrontendBackendUserAuthentication the backend user object, or null when no valid backend login exists
 */
public function initializeBackendUser()
{
    // PRE BE_USER HOOK
    if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/index_ts.php']['preBeUser'])) {
        foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/index_ts.php']['preBeUser'] as $_funcRef) {
            $_params = [];
            GeneralUtility::callUserFunction($_funcRef, $_params, $this);
        }
    }
    /** @var $BE_USER FrontendBackendUserAuthentication */
    $BE_USER = null;
    // If the backend cookie is set,
    // we proceed and check if a backend user is logged in.
    // (The cookie is read without isset(); a missing cookie produces an undefined-index notice.)
    if ($_COOKIE[BackendUserAuthentication::getCookieName()]) {
        $GLOBALS['TYPO3_MISC']['microtime_BE_USER_start'] = microtime(true);
        $this->getTimeTracker()->push('Back End user initialized', '');
        // @todo validate the comment below: is this necessary? if so,
        // formfield_status should be set to "" in \TYPO3\CMS\Backend\FrontendBackendUserAuthentication
        // which is a subclass of \TYPO3\CMS\Core\Authentication\BackendUserAuthentication
        // ----
        // the value this->formfield_status is set to empty in order to
        // disable login-attempts to the backend account through this script
        // New backend user object
        $BE_USER = GeneralUtility::makeInstance(FrontendBackendUserAuthentication::class);
        // Object is initialized
        $BE_USER->start();
        $BE_USER->unpack_uc();
        // Group data is fetched before the lock/access checks; the checks below may still discard the object
        if (!empty($BE_USER->user['uid'])) {
            $BE_USER->fetchGroupData();
            $this->beUserLogin = true;
        }
        // Unset the user initialization.
        // Any failed check turns the request into an anonymous one, regardless of the cookie.
        if (!$BE_USER->checkLockToIP() || !$BE_USER->checkBackendAccessSettingsFromInitPhp() || empty($BE_USER->user['uid'])) {
            $BE_USER = null;
            $this->beUserLogin = false;
        }
        $this->getTimeTracker()->pull();
        $GLOBALS['TYPO3_MISC']['microtime_BE_USER_end'] = microtime(true);
    }
    // POST BE_USER HOOK
    // $BE_USER is passed by reference, so a hook can replace or clear the object.
    if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/index_ts.php']['postBeUser'])) {
        $_params = ['BE_USER' => &$BE_USER];
        foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/index_ts.php']['postBeUser'] as $_funcRef) {
            GeneralUtility::callUserFunction($_funcRef, $_params, $this);
        }
    }
    return $BE_USER;
}