/**
 * Render the debug bar into the frontend page.
 *
 * Nothing happens unless the client address (REMOTE_ADDR as resolved by
 * GeneralUtility::getIndpEnv) matches $TYPO3_CONF_VARS['SYS']['devIPmask'];
 * for everybody else $GLOBALS['TSFE']->content is left untouched.
 *
 * @return void
 */
public static function render()
{
    $clientIp = \TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('REMOTE_ADDR');
    $devIpMask = $GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask'];
    if (!\TYPO3\CMS\Core\Utility\GeneralUtility::cmpIP($clientIp, $devIpMask)) {
        return;
    }
    $renderer = $GLOBALS['debugbar']->getJavascriptRenderer();
    $renderer
        ->setBaseUrl('typo3conf/ext/typo3profiler/Classes/Lib/DebugBar/vendor/maximebf/debugbar/src/DebugBar/Resources')
        ->setEnableJqueryNoConflict(false);
    self::renderPhp();
    self::renderPage();
    self::renderTyposcript();
    //self::renderContents();
    // Inject the debug bar assets before </head> and its markup before </body>
    $tsfe = $GLOBALS['TSFE'];
    $tsfe->content = str_replace('</head>', $renderer->renderHead() . '</head>', $tsfe->content);
    $tsfe->content = str_replace('</body>', $renderer->render() . '</body>', $tsfe->content);
}
/**
 * Find the user record whose configured IP range matches the given address.
 *
 * Walks $this->ipConfigurations in order; the first entry with a positive
 * 'feusers' uid whose 'ip' mask matches $userIp (GeneralUtility::cmpIP) wins,
 * and its raw record is loaded through $this->pObj->getRawUserByUid().
 *
 * @param string $userIp Client IP address to compare against the configured masks
 * @return array|bool User record of the first matching configuration, FALSE when none matches
 */
protected function findUserByIp($userIp)
{
    foreach ($this->ipConfigurations as $configuration) {
        $candidateUid = $configuration['feusers'];
        // Entries without a usable user uid are skipped before any IP comparison
        if (!($candidateUid > 0)) {
            continue;
        }
        if (GeneralUtility::cmpIP($userIp, $configuration['ip'])) {
            // First matching configuration wins
            return $this->pObj->getRawUserByUid($candidateUid);
        }
    }
    return FALSE;
}
/**
 * Debug helper: dumps $variable either through the $GLOBALS['error'] object
 * (when it exposes a callable debug() method) or through DebugUtility::debug().
 *
 * Output is suppressed entirely unless the client address matches
 * $TYPO3_CONF_VARS['SYS']['devIPmask'].
 *
 * @param mixed $variable Value to dump
 * @param string $name Label for the dump; the default '*variable*' means "no label"
 * @param string $line Grouping key; the default '*line*' means "no group"
 * @param string $file Only forwarded to $GLOBALS['error']->debug()
 * @param int $recursiveDepth Only forwarded to $GLOBALS['error']->debug()
 * @param int $debugLevel Only forwarded to $GLOBALS['error']->debug()
 * @return void
 */
function debug($variable = '', $name = '*variable*', $line = '*line*', $file = '*file*', $recursiveDepth = 3, $debugLevel = E_DEBUG)
{
    // If you wish to use the debug()-function, and it does not output something,
    // please edit the IP mask in TYPO3_CONF_VARS
    $clientIp = \TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('REMOTE_ADDR');
    $devIpMask = $GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask'];
    if (!\TYPO3\CMS\Core\Utility\GeneralUtility::cmpIP($clientIp, $devIpMask)) {
        return;
    }
    $errorHandler = $GLOBALS['error'];
    if (is_object($errorHandler) && @is_callable([$errorHandler, 'debug'])) {
        $errorHandler->debug($variable, $name, $line, $file, $recursiveDepth, $debugLevel);
        return;
    }
    // Fallback: translate the "unset" sentinels into what DebugUtility expects
    $title = ($name === '*variable*') ? '' : $name;
    $group = ($line === '*line*') ? null : $line;
    \TYPO3\CMS\Core\Utility\DebugUtility::debug($variable, $title, $group);
}
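/**
 * Find usergroup records, currently only for frontend
 *
 * Groups come from two sources: the user record's usergroup column (expanded
 * through getSubGroups()) and $TYPO3_CONF_VARS['FE']['IPmaskMountGroups']
 * entries whose mask matches $this->authInfo['REMOTE_ADDR']. The resulting
 * uids are looked up in $this->db_groups['table'], restricted to non-deleted
 * rows, optionally non-hidden rows, and rows whose lockToDomain is empty or
 * equals $this->authInfo['HTTP_HOST'].
 *
 * @param array $user Data of user.
 * @param array $knownGroups Group data array of already known groups. This is handy if you want select other related groups. Keys in this array are unique IDs of those groups.
 * @return mixed Groups array, keys = uid which must be unique
 */
public function getGroups($user, $knownGroups)
{
    /*
     * Attention: $knownGroups is not used within this method, but other services can use it.
     * This parameter should not be removed!
     * The FrontendUserAuthentication call getGroups and handover the previous detected groups.
     */
    $groupDataArr = array();
    if ($this->mode !== 'getGroupsFE') {
        return $groupDataArr;
    }
    $groups = array();
    if (is_array($user) && $user[$this->db_user['usergroup_column']]) {
        $groupList = $user[$this->db_user['usergroup_column']];
        $this->getSubGroups($groupList, '', $groups);
    }
    // ADD group-numbers if the IPmask matches.
    if (is_array($GLOBALS['TYPO3_CONF_VARS']['FE']['IPmaskMountGroups'])) {
        foreach ($GLOBALS['TYPO3_CONF_VARS']['FE']['IPmaskMountGroups'] as $IPel) {
            if ($this->authInfo['REMOTE_ADDR'] && $IPel[0] && GeneralUtility::cmpIP($this->authInfo['REMOTE_ADDR'], $IPel[0])) {
                $groups[] = (int)$IPel[1];
            }
        }
    }
    // Group uids are integers; cast defensively before they are spliced into the IN() list
    $groups = array_unique(array_map('intval', $groups));
    if (empty($groups)) {
        if ($this->writeDevLog) {
            GeneralUtility::devLog('No usergroups found.', AuthenticationService::class, 2);
        }
        return $groupDataArr;
    }
    $list = implode(',', $groups);
    if ($this->writeDevLog) {
        GeneralUtility::devLog('Get usergroups with id: ' . $list, __CLASS__);
    }
    $databaseConnection = $this->getDatabaseConnection();
    // HTTP_HOST is client-supplied: quote it instead of concatenating it raw into the WHERE clause
    $quotedHost = $databaseConnection->fullQuoteStr($this->authInfo['HTTP_HOST'], $this->db_groups['table']);
    $lockToDomain_SQL = ' AND (lockToDomain=\'\' OR lockToDomain IS NULL OR lockToDomain=' . $quotedHost . ')';
    $hiddenP = !$this->authInfo['showHiddenRecords'] ? 'AND hidden=0 ' : '';
    $res = $databaseConnection->exec_SELECTquery(
        '*',
        $this->db_groups['table'],
        'deleted=0 ' . $hiddenP . ' AND uid IN (' . $list . ')' . $lockToDomain_SQL
    );
    while ($row = $databaseConnection->sql_fetch_assoc($res)) {
        $groupDataArr[$row['uid']] = $row;
    }
    if ($res) {
        $databaseConnection->sql_free_result($res);
    }
    return $groupDataArr;
}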
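/**
 * If TYPO3_CONF_VARS['BE']['enabledBeUserIPLock'] is enabled and
 * an IP-list is found in the User TSconfig objString "options.lockToIP",
 * then make an IP comparison with REMOTE_ADDR and return the outcome (TRUE/FALSE)
 *
 * @return bool TRUE, if IP address validates OK (or no check is done at all)
 */
public function checkLockToIP()
{
    // Default: no restriction configured, so the user is allowed
    $allowed = true;
    if ($GLOBALS['TYPO3_CONF_VARS']['BE']['enabledBeUserIPLock']) {
        $IPList = $this->getTSConfigVal('options.lockToIP');
        // Only an actual, non-blank list activates the check
        if (trim((string)$IPList)) {
            $baseIP = GeneralUtility::getIndpEnv('REMOTE_ADDR');
            // Normalise cmpIP()'s result to the documented boolean (the original returned the raw 1/0)
            $allowed = (bool)GeneralUtility::cmpIP($baseIP, $IPList);
        }
    }
    return $allowed;
}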
/**
 * Execute $query on the profiler's database link and, when profiling applies
 * to this query/type, record timing and caller information.
 *
 * The profile entry holds the full query text (with every literal it
 * contains), the elapsed milliseconds, the caller returned by
 * get_caller_method() and the current TSFE page id. It is appended to
 * $this->profiledQueries, pushed to the debug bar for devIPmask clients when
 * 'debugbarenabled' is set, and in backend mode written via insertSqlLog()
 * after cleanSqlLog().
 *
 * @param string $query SQL statement to execute
 * @param string $type Query type label stored with the profile entry
 * @return mixed Result of $this->link->query() (TYPO3 >= 6) or mysql_query()
 */
public function execAndProfileQuery($query, $type)
{
    if (empty($GLOBALS['TYPO3_DB']->mysqlprofilerConf['excludeTables'])) {
        $this->init();
    }
    $profileThis = $this->isProfiling($query, $type);
    $startedAt = $profileThis ? microtime(true) : null;
    // exec query
    $isModernTypo3 = Typo3profiler_Utility_Compatibility::intFromVer(TYPO3_version) > 6000000;
    if ($isModernTypo3) {
        if (!$this->isConnected) {
            $this->connectDB();
        }
        $res = $this->link->query($query);
    } else {
        $res = mysql_query($query, $this->link);
    }
    if (!$profileThis) {
        return $res;
    }
    $deltatime = round((microtime(true) - $startedAt) * 1000, 8);
    $pageId = $GLOBALS['TSFE']->id;
    // Backend mode and "no page" (id 0) both need one extra stack level to reach the real caller
    $callerDepth = (TYPO3_MODE == 'BE' || $pageId == 0) ? 3 : 2;
    $debugFunc = $this->get_caller_method($callerDepth);
    $debug = array(
        'type' => $type,
        'query' => $query,
        'time' => $deltatime,
        'backtrace' => $debugFunc,
        'typo3mode' => TYPO3_MODE,
        'page' => $pageId !== null ? $pageId : '',
    );
    $debugbarEnabled = $GLOBALS['TYPO3_DB']->mysqlprofilerConf['debugbarenabled'] == 1;
    if ($debugbarEnabled) {
        // The debug bar line is only emitted for clients matching devIPmask
        $clientIp = \TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('REMOTE_ADDR');
        if (\TYPO3\CMS\Core\Utility\GeneralUtility::cmpIP($clientIp, $GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask'])) {
            $GLOBALS['debugbar']['queries']->info('[' . $deltatime . '] ' . $query . ' --> ' . $debugFunc['file'] . ' @ ' . $debugFunc['line'] . ' : ' . $debugFunc['function']);
        }
    }
    $this->profiledQueries[] = $debug;
    if (TYPO3_MODE == 'BE') {
        $this->cleanSqlLog();
        $this->insertSqlLog($debug);
    }
    return $res;
}
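/**
 * Checks if the current client ip is allowed.
 *
 * The client address is taken from $_SERVER['REMOTE_ADDR'] (the TCP peer);
 * proxy headers such as X-Forwarded-For are deliberately not consulted.
 *
 * @param string $whitelist
 *   The ip whitelist: a comma-separated list of entries. When a TYPO3 cmpIP()
 *   is available its syntax applies; the built-in fallback understands exact
 *   addresses and trailing-'*' prefixes (e.g. "10.0.*").
 *
 * @return bool
 *   Whether the current client ip is allowed or not.
 */
public function isAllowedIp($whitelist)
{
    $remote = $_SERVER['REMOTE_ADDR'];
    // Use TYPO3 v6+ cmpIP if possible.
    if (is_callable(array('TYPO3\\CMS\\Core\\Utility\\GeneralUtility', 'cmpIP'))) {
        return \TYPO3\CMS\Core\Utility\GeneralUtility::cmpIP($remote, $whitelist);
    }
    // Use TYPO3 v6- cmpIP if possible.
    if (is_callable(array('t3lib_div', 'cmpIP'))) {
        return \t3lib_div::cmpIP($remote, $whitelist);
    }
    // Fallback to the Chin Leung implementation.
    // @author Chin Leung
    // @see https://stackoverflow.com/questions/35559119/php-ip-address-whitelist-with-wildcards
    // Trim every entry once, so "a, b" matches "b" both exactly and by wildcard
    // (previously only the wildcard branch trimmed, so " b" never matched exactly).
    $entries = array_map('trim', explode(',', (string)$whitelist));
    // Strict comparison avoids PHP's numeric-string coercion in in_array()/==
    if (in_array($remote, $entries, true)) {
        // If the ip is matched, return true.
        return true;
    }
    // Check the wildcards.
    foreach ($entries as $ip) {
        $wildcardPos = strpos($ip, '*');
        if ($wildcardPos === false) {
            continue;
        }
        // Prefix match: everything before '*' must equal the start of the client address
        if (substr($remote, 0, $wildcardPos) . '*' === $ip) {
            return true;
        }
    }
    return false;
}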
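/**
 * Explain select queries
 * If $this->explainOutput is set, SELECT queries will be explained here. Only queries with more than one possible result row will be displayed.
 * The output is either printed as raw HTML output or embedded into the TS admin panel (checkbox must be enabled!)
 *
 * explainOutput modes: 1 = always raw output, 2 = raw output only for clients
 * matching $TYPO3_CONF_VARS['SYS']['devIPmask'], 3 = admin panel (needs $GLOBALS['TT']).
 *
 * @todo Feature is not DBAL-compliant
 *
 * @param string $query SQL query
 * @param string $from_table Table(s) from which to select. This is what comes right after "FROM ...". Required value.
 * @param int $row_count Number of resulting rows
 * @return bool TRUE if explain was run, FALSE otherwise
 */
protected function explain($query, $from_table, $row_count)
{
    $debugAllowedForIp = GeneralUtility::cmpIP(GeneralUtility::getIndpEnv('REMOTE_ADDR'), $GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask']);
    $explainOutputMode = (int)$this->explainOutput;
    if ($explainOutputMode == 1 || ($explainOutputMode == 2 && $debugAllowedForIp)) {
        // Raw HTML output
        $explainMode = 1;
    } elseif ($explainOutputMode == 3 && is_object($GLOBALS['TT'])) {
        // Embed the output into the TS admin panel
        $explainMode = 2;
    } else {
        return false;
    }
    $error = $this->sql_error();
    $trail = \TYPO3\CMS\Core\Utility\DebugUtility::debugTrail();
    $explain_tables = array();
    $explain_output = array();
    $res = $this->sql_query('EXPLAIN ' . $query, $this->link);
    if (is_a($res, '\\mysqli_result')) {
        while ($tempRow = $this->sql_fetch_assoc($res)) {
            $explain_output[] = $tempRow;
            $explain_tables[] = $tempRow['table'];
        }
        $this->sql_free_result($res);
    }
    // Notice: Rows are skipped if there is only one result, or if no conditions are set.
    // An empty EXPLAIN result (failed or non-SELECT statement) must not be indexed blindly.
    if (empty($explain_output)) {
        return false;
    }
    $firstRow = $explain_output[0];
    if (!($firstRow['rows'] > 1 || GeneralUtility::inList('ALL', $firstRow['type']))) {
        return false;
    }
    // Only enable output if it's really useful: collect the index definitions of the involved tables
    $indices_output = array();
    foreach ($explain_tables as $table) {
        // $table is taken from the server's own EXPLAIN result, not from request input
        $tableRes = $this->sql_query('SHOW TABLE STATUS LIKE \'' . $table . '\'');
        $isTable = $this->sql_num_rows($tableRes);
        if ($isTable) {
            $res = $this->sql_query('SHOW INDEX FROM ' . $table, $this->link);
            if (is_a($res, '\\mysqli_result')) {
                while ($tempRow = $this->sql_fetch_assoc($res)) {
                    $indices_output[] = $tempRow;
                }
                $this->sql_free_result($res);
            }
        }
        $this->sql_free_result($tableRes);
    }
    $data = array();
    $data['query'] = $query;
    $data['trail'] = $trail;
    $data['row_count'] = $row_count;
    if ($error) {
        $data['error'] = $error;
    }
    // Non-empty at this point (checked above)
    $data['explain'] = $explain_output;
    if (!empty($indices_output)) {
        $data['indices'] = $indices_output;
    }
    if ($explainMode == 1) {
        \TYPO3\CMS\Core\Utility\DebugUtility::debug($data, 'Tables: ' . $from_table, 'DB SQL EXPLAIN');
    } elseif ($explainMode == 2) {
        $GLOBALS['TT']->setTSselectQuery($data);
    }
    return true;
}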
/**
 * Returns a link to the BE login screen with redirect to the front-end
 *
 * A link is produced only when config.beLoginLinkIPList is set and the client
 * address matches it; the label is config.beLoginLinkIPList_login or
 * config.beLoginLinkIPList_logout depending on $this->beUserLogin. In every
 * other case the method returns nothing (NULL).
 *
 * @return string HTML, a tag for a link to the backend.
 */
public function beLoginLinkIPList()
{
    $config = $this->config['config'];
    if (empty($config['beLoginLinkIPList'])) {
        return;
    }
    $clientIp = \TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('REMOTE_ADDR');
    if (!\TYPO3\CMS\Core\Utility\GeneralUtility::cmpIP($clientIp, $config['beLoginLinkIPList'])) {
        return;
    }
    $loggedIn = (bool)$this->beUserLogin;
    $label = $loggedIn ? $config['beLoginLinkIPList_logout'] : $config['beLoginLinkIPList_login'];
    if (!$label) {
        return;
    }
    // The redirect target is the current REQUEST_URI, URL-encoded, and the whole
    // href is HTML-escaped; $label (TypoScript-configured) is emitted as-is.
    $redirect = rawurlencode(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('REQUEST_URI'));
    $queryPrefix = $loggedIn ? 'index.php?L=OUT&redirect_url=' : 'index.php?redirect_url=';
    $href = htmlspecialchars(TYPO3_mainDir . $queryPrefix . $redirect);
    return '<a href="' . $href . '">' . $label . '</a>';
}
/**
 * Handles a frontend request
 *
 * Runs the whole TSFE pipeline in order: preprocessRequest hooks, controller
 * initialisation, forced "page unavailable" handling, FE/BE user setup, page id
 * determination, template/cache/config, page generation (or an alternative
 * script), non-cached objects, output processing, session storage, parse-time
 * statistics, admin panel injection, and finally the PSR-7 response.
 *
 * @param \Psr\Http\Message\ServerRequestInterface $request
 * @return NULL|\Psr\Http\Message\ResponseInterface NULL when the controller is not outputting
 */
public function handleRequest(\Psr\Http\Message\ServerRequestInterface $request)
{
    $response = null;
    $this->request = $request;
    $this->initializeTimeTracker();
    // Hook to preprocess the current request:
    if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/index_ts.php']['preprocessRequest'])) {
        foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/index_ts.php']['preprocessRequest'] as $hookFunction) {
            $hookParameters = array();
            GeneralUtility::callUserFunction($hookFunction, $hookParameters, $hookParameters);
        }
        unset($hookFunction);
        unset($hookParameters);
    }
    $this->initializeController();
    // pageUnavailable_force takes the site down for everyone except clients matching devIPmask;
    // pageUnavailableAndExit() does not return.
    if ($GLOBALS['TYPO3_CONF_VARS']['FE']['pageUnavailable_force'] && !GeneralUtility::cmpIP(GeneralUtility::getIndpEnv('REMOTE_ADDR'), $GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask'])) {
        $this->controller->pageUnavailableAndExit('This page is temporarily unavailable.');
    }
    $this->controller->connectToDB();
    $this->controller->sendRedirect();
    // Output compression
    // Remove any output produced until now
    $this->bootstrap->endOutputBufferingAndCleanPreviousOutput();
    $this->initializeOutputCompression();
    // Initializing the Frontend User
    $this->timeTracker->push('Front End user initialized', '');
    $this->controller->initFEuser();
    $this->timeTracker->pull();
    // Initializing a possible logged-in Backend User
    /** @var $GLOBALS['BE_USER'] \TYPO3\CMS\Backend\FrontendBackendUserAuthentication */
    $GLOBALS['BE_USER'] = $this->controller->initializeBackendUser();
    // Process the ID, type and other parameters.
    // After this point we have an array, $page in TSFE, which is the page-record
    // of the current page, $id.
    $this->timeTracker->push('Process ID', '');
    // Initialize admin panel since simulation settings are required here:
    if ($this->controller->isBackendUserLoggedIn()) {
        $GLOBALS['BE_USER']->initializeAdminPanel();
        $this->bootstrap->initializeBackendRouter()->loadExtensionTables();
    } else {
        $this->bootstrap->loadCachedTca();
    }
    $this->controller->checkAlternativeIdMethods();
    $this->controller->clear_preview();
    $this->controller->determineId();
    // Now, if there is a backend user logged in and he has NO access to this page,
    // then re-evaluate the id shown! _GP('ADMCMD_noBeUser') is placed here because
    // \TYPO3\CMS\Version\Hook\PreviewHook might need to know if a backend user is logged in.
    if ($this->controller->isBackendUserLoggedIn() && (!$GLOBALS['BE_USER']->extPageReadAccess($this->controller->page) || GeneralUtility::_GP('ADMCMD_noBeUser'))) {
        // Remove user: the BE user is dropped for this request and the page is resolved again
        // as an anonymous visitor would see it.
        unset($GLOBALS['BE_USER']);
        $this->controller->beUserLogin = false;
        // Re-evaluate the page-id.
        $this->controller->checkAlternativeIdMethods();
        $this->controller->clear_preview();
        $this->controller->determineId();
    }
    $this->controller->makeCacheHash();
    $this->timeTracker->pull();
    // Admin Panel & Frontend editing
    if ($this->controller->isBackendUserLoggedIn()) {
        $GLOBALS['BE_USER']->initializeFrontendEdit();
        if ($GLOBALS['BE_USER']->adminPanel instanceof AdminPanelView) {
            $this->bootstrap->initializeLanguageObject();
        }
        if ($GLOBALS['BE_USER']->frontendEdit instanceof FrontendEditingController) {
            $GLOBALS['BE_USER']->frontendEdit->initConfigOptions();
        }
    }
    // Starts the template
    $this->timeTracker->push('Start Template', '');
    $this->controller->initTemplate();
    $this->timeTracker->pull();
    // Get from cache
    $this->timeTracker->push('Get Page from cache', '');
    $this->controller->getFromCache();
    $this->timeTracker->pull();
    // Get config if not already gotten
    // After this, we should have a valid config-array ready
    $this->controller->getConfigArray();
    // Setting language and locale
    $this->timeTracker->push('Setting language and locale', '');
    $this->controller->settingLanguage();
    $this->controller->settingLocale();
    $this->timeTracker->pull();
    // Convert POST data to utf-8 for internal processing if metaCharset is different
    $this->controller->convPOSTCharset();
    $this->controller->initializeRedirectUrlHandlers();
    $this->controller->handleDataSubmission();
    // Check for shortcut page and redirect
    $this->controller->checkPageForShortcutRedirect();
    $this->controller->checkPageForMountpointRedirect();
    // Generate page
    $this->controller->setUrlIdToken();
    $this->timeTracker->push('Page generation', '');
    if ($this->controller->isGeneratePage()) {
        $this->controller->generatePage_preProcessing();
        $temp_theScript = $this->controller->generatePage_whichScript();
        if ($temp_theScript) {
            // An alternative page script chosen by the controller is included in this scope
            // instead of the standard PageGenerator path below.
            include $temp_theScript;
        } else {
            PageGenerator::pagegenInit();
            // Global content object
            $this->controller->newCObj();
            // Content generation
            if (!$this->controller->isINTincScript()) {
                PageGenerator::renderContent();
                $this->controller->setAbsRefPrefix();
            }
        }
        $this->controller->generatePage_postProcessing();
    } elseif ($this->controller->isINTincScript()) {
        PageGenerator::pagegenInit();
        // Global content object
        $this->controller->newCObj();
    }
    $this->controller->releaseLocks();
    $this->timeTracker->pull();
    // Render non-cached parts
    if ($this->controller->isINTincScript()) {
        $this->timeTracker->push('Non-cached objects', '');
        $this->controller->INTincScript();
        $this->timeTracker->pull();
    }
    // Output content
    $sendTSFEContent = false;
    if ($this->controller->isOutputting()) {
        $this->timeTracker->push('Print Content', '');
        $this->controller->processOutput();
        $sendTSFEContent = true;
        $this->timeTracker->pull();
    }
    // Store session data for fe_users
    $this->controller->storeSessionData();
    // Statistics
    $GLOBALS['TYPO3_MISC']['microtime_end'] = microtime(true);
    $this->controller->setParseTime();
    // config.debug (TypoScript) overrides the global $TYPO3_CONF_VARS['FE']['debug'] switch
    if (isset($this->controller->config['config']['debug'])) {
        $debugParseTime = (bool) $this->controller->config['config']['debug'];
    } else {
        $debugParseTime = !empty($this->controller->TYPO3_CONF_VARS['FE']['debug']);
    }
    if ($this->controller->isOutputting() && $debugParseTime) {
        $this->controller->content .= LF . '<!-- Parsetime: ' . $this->controller->scriptParseTime . 'ms -->';
    }
    $this->controller->redirectToExternalUrl();
    // Preview info
    $this->controller->previewInfo();
    // Hook for end-of-frontend
    $this->controller->hook_eofe();
    // Finish timetracking
    $this->timeTracker->pull();
    // Check memory usage
    MonitorUtility::peakMemoryUsage();
    // beLoginLinkIPList: written straight to the output stream, not into $response
    echo $this->controller->beLoginLinkIPList();
    // Admin panel
    if ($this->controller->isBackendUserLoggedIn() && $GLOBALS['BE_USER'] instanceof FrontendBackendUserAuthentication) {
        if ($GLOBALS['BE_USER']->extAdmEnabled) {
            // Style sheet is also used for frontend editing.
            $this->controller->content = str_ireplace('</head>', $GLOBALS['BE_USER']->adminPanel->getAdminPanelHeaderData() . '</head>', $this->controller->content);
        }
        if ($GLOBALS['BE_USER']->isAdminPanelVisible()) {
            $this->controller->content = str_ireplace('</body>', $GLOBALS['BE_USER']->displayAdminPanel() . '</body>', $this->controller->content);
        }
    }
    if ($sendTSFEContent) {
        /** @var \TYPO3\CMS\Core\Http\Response $response */
        $response = GeneralUtility::makeInstance(\TYPO3\CMS\Core\Http\Response::class);
        $response->getBody()->write($this->controller->content);
    }
    // Debugging Output
    if (isset($GLOBALS['error']) && is_object($GLOBALS['error']) && @is_callable(array($GLOBALS['error'], 'debugOutput'))) {
        $GLOBALS['error']->debugOutput();
    }
    if (TYPO3_DLOG) {
        GeneralUtility::devLog('END of FRONTEND session', 'cms', 0, array('_FLUSH' => true));
    }
    return $response;
}
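/**
 * Find usergroup records, currently only for frontend
 *
 * Groups come from the user record's usergroup column (expanded through
 * getSubGroups()) plus $TYPO3_CONF_VARS['FE']['IPmaskMountGroups'] entries
 * whose mask matches $this->authInfo['REMOTE_ADDR']. The uids are then loaded
 * from $this->db_groups['table'], restricted to non-deleted rows, optionally
 * non-hidden rows, and rows whose lockToDomain is empty or equals
 * $this->authInfo['HTTP_HOST'].
 *
 * @param array $user Data of user.
 * @param array $knownGroups Group data array of already known groups. This is handy if you want select other related groups. Keys in this array are unique IDs of those groups.
 * @return mixed Groups array, keys = uid which must be unique
 * @todo Define visibility
 */
public function getGroups($user, $knownGroups)
{
    $groupDataArr = array();
    if ($this->mode != 'getGroupsFE') {
        // Only frontend group resolution is implemented; 'getGroupsBE' yields no groups here
        return $groupDataArr;
    }
    $groups = array();
    if (is_array($user) && $user[$this->db_user['usergroup_column']]) {
        $groupList = $user[$this->db_user['usergroup_column']];
        $this->getSubGroups($groupList, '', $groups);
    }
    // ADD group-numbers if the IPmask matches.
    if (is_array($GLOBALS['TYPO3_CONF_VARS']['FE']['IPmaskMountGroups'])) {
        foreach ($GLOBALS['TYPO3_CONF_VARS']['FE']['IPmaskMountGroups'] as $IPel) {
            if ($this->authInfo['REMOTE_ADDR'] && $IPel[0] && \TYPO3\CMS\Core\Utility\GeneralUtility::cmpIP($this->authInfo['REMOTE_ADDR'], $IPel[0])) {
                $groups[] = (int) $IPel[1];
            }
        }
    }
    // Group uids are integers; cast defensively before they are spliced into the IN() list
    $groups = array_unique(array_map('intval', $groups));
    if (!count($groups)) {
        if ($this->writeDevLog) {
            \TYPO3\CMS\Core\Utility\GeneralUtility::devLog('No usergroups found.', 'TYPO3\\CMS\\Sv\\AuthenticationService', 2);
        }
        return $groupDataArr;
    }
    $list = implode(',', $groups);
    if ($this->writeDevLog) {
        \TYPO3\CMS\Core\Utility\GeneralUtility::devLog('Get usergroups with id: ' . $list, 'TYPO3\\CMS\\Sv\\AuthenticationService');
    }
    // HTTP_HOST is client-supplied: quote it instead of concatenating it raw into the WHERE clause
    $quotedHost = $GLOBALS['TYPO3_DB']->fullQuoteStr($this->authInfo['HTTP_HOST'], $this->db_groups['table']);
    $lockToDomain_SQL = ' AND (lockToDomain=\'\' OR lockToDomain IS NULL OR lockToDomain=' . $quotedHost . ')';
    // Always initialised: previously $hiddenP stayed undefined when hidden records were shown
    $hiddenP = $this->authInfo['showHiddenRecords'] ? '' : 'AND hidden=0 ';
    $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
        '*',
        $this->db_groups['table'],
        'deleted=0 ' . $hiddenP . ' AND uid IN (' . $list . ')' . $lockToDomain_SQL
    );
    while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
        $groupDataArr[$row['uid']] = $row;
    }
    if ($res) {
        $GLOBALS['TYPO3_DB']->sql_free_result($res);
    }
    return $groupDataArr;
}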
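/**
 * Authenticate a user
 * Return 200 if the IP is right. This means that no more checks are needed. Otherwise authentication may fail because we may don't have a password.
 *
 * Outcome by tx_pxipauth_mode:
 *  - LOGIN_MODE_AUTO_ONLY: the client IP (getClientIp()) must match tx_pxipauth_ip_list;
 *    match -> STATUS_AUTHENTICATION_SUCCESS_BREAK, otherwise STATUS_AUTHENTICATION_FAILURE_BREAK,
 *    also when the list is empty.
 *  - any other mode > 0 with a non-empty list: match -> SUCCESS_BREAK, otherwise
 *    SUCCESS_CONTINUE so that further services (e.g. password checks) still run.
 * A non-failure result can still be turned into FAILURE_BREAK by the lockToDomain check.
 *
 * @param array $user Data of user.
 * @return int One of the self::STATUS_AUTHENTICATION_* values
 */
function authUser($user)
{
    $ret = self::STATUS_AUTHENTICATION_SUCCESS_CONTINUE;
    $mode = (int)$user['tx_pxipauth_mode'];
    // any auto option set?
    if ($mode > 0) {
        $IPList = trim((string)$user['tx_pxipauth_ip_list']);
        if ($mode == self::LOGIN_MODE_AUTO_ONLY) {
            // auto IP login only: we check always - also without an given IP
            $ipMatches = \TYPO3\CMS\Core\Utility\GeneralUtility::cmpIP($this->getClientIp(), $IPList);
            $ret = $ipMatches ? self::STATUS_AUTHENTICATION_SUCCESS_BREAK : self::STATUS_AUTHENTICATION_FAILURE_BREAK;
        } elseif ($IPList !== '') {
            // this option is checked with an given IP only
            $ipMatches = \TYPO3\CMS\Core\Utility\GeneralUtility::cmpIP($this->getClientIp(), $IPList);
            $ret = $ipMatches ? self::STATUS_AUTHENTICATION_SUCCESS_BREAK : self::STATUS_AUTHENTICATION_SUCCESS_CONTINUE;
        }
    }
    // Checking the domain (lockToDomain); strict string comparison avoids numeric-string coercion
    if ($ret && $user['lockToDomain'] && (string)$user['lockToDomain'] !== (string)$this->authInfo['HTTP_HOST']) {
        // Lock domain didn't match, so error:
        if ($this->writeAttemptLog) {
            $this->writelog(255, 3, 3, 1, 'Login-attempt from %s (%s), username \'%s\', locked domain \'%s\' did not match \'%s\'!', array($this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $user[$this->db_user['username_column']], $user['lockToDomain'], $this->authInfo['HTTP_HOST']));
            \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog(sprintf('Login-attempt from %s (%s), username \'%s\', locked domain \'%s\' did not match \'%s\'!', $this->authInfo['REMOTE_ADDR'], $this->authInfo['REMOTE_HOST'], $user[$this->db_user['username_column']], $user['lockToDomain'], $this->authInfo['HTTP_HOST']), 'Core', \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_WARNING);
        }
        $ret = self::STATUS_AUTHENTICATION_FAILURE_BREAK;
    }
    return $ret;
}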
/**
 * Handles a frontend request
 *
 * Bootstraps the frontend (extension configuration, time tracker, database),
 * runs the preprocessRequest hooks, dispatches eID requests, then drives the
 * TSFE pipeline: forced "page unavailable", output compression, FE/BE user
 * setup, page id determination, template/cache/config, page generation (or an
 * alternative script), non-cached objects, output, session storage, parse-time
 * statistics, jumpurl/preview/admin panel, and finally Bootstrap::shutdown().
 *
 * @return void
 */
public function handleRequest()
{
    \TYPO3\CMS\Core\Core\Bootstrap::getInstance()->loadTypo3LoadedExtAndExtLocalconf(TRUE)->applyAdditionalConfigurationSettings();
    // Timetracking started
    $configuredCookieName = trim($GLOBALS['TYPO3_CONF_VARS']['BE']['cookieName']);
    if (empty($configuredCookieName)) {
        $configuredCookieName = 'be_typo_user';
    }
    // The mere presence of the BE cookie selects the real TimeTracker; the cookie value is not validated here
    if ($_COOKIE[$configuredCookieName]) {
        $GLOBALS['TT'] = new \TYPO3\CMS\Core\TimeTracker\TimeTracker();
    } else {
        $GLOBALS['TT'] = new \TYPO3\CMS\Core\TimeTracker\NullTimeTracker();
    }
    $GLOBALS['TT']->start();
    \TYPO3\CMS\Core\Core\Bootstrap::getInstance()->initializeTypo3DbGlobal();
    // Hook to preprocess the current request:
    if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/index_ts.php']['preprocessRequest'])) {
        foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['tslib/index_ts.php']['preprocessRequest'] as $hookFunction) {
            $hookParameters = array();
            \TYPO3\CMS\Core\Utility\GeneralUtility::callUserFunction($hookFunction, $hookParameters, $hookParameters);
        }
        unset($hookFunction);
        unset($hookParameters);
    }
    // Look for extension ID which will launch alternative output engine
    // The request's eID value only selects a key of $TYPO3_CONF_VARS['FE']['eID_include'];
    // unknown keys resolve to nothing. The configured script is require'd in this scope and
    // the request ends with die either way, so nothing below runs for eID requests.
    if ($temp_extId = \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('eID')) {
        if ($classPath = \TYPO3\CMS\Core\Utility\GeneralUtility::getFileAbsFileName($GLOBALS['TYPO3_CONF_VARS']['FE']['eID_include'][$temp_extId])) {
            // Remove any output produced until now
            ob_clean();
            require $classPath;
        }
        die;
    }
    /** @var $GLOBALS['TSFE'] \TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController */
    $GLOBALS['TSFE'] = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Frontend\\Controller\\TypoScriptFrontendController', $GLOBALS['TYPO3_CONF_VARS'], \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('id'), \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('type'), \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('no_cache'), \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('cHash'), \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('jumpurl'), \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('MP'), \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('RDCT'));
    // pageUnavailable_force takes the site down for everyone except clients matching devIPmask;
    // pageUnavailableAndExit() does not return.
    if ($GLOBALS['TYPO3_CONF_VARS']['FE']['pageUnavailable_force'] && !\TYPO3\CMS\Core\Utility\GeneralUtility::cmpIP(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('REMOTE_ADDR'), $GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask'])) {
        $GLOBALS['TSFE']->pageUnavailableAndExit('This page is temporarily unavailable.');
    }
    $GLOBALS['TSFE']->connectToDB();
    $GLOBALS['TSFE']->sendRedirect();
    // Output compression
    // Remove any output produced until now
    ob_clean();
    if ($GLOBALS['TYPO3_CONF_VARS']['FE']['compressionLevel'] && extension_loaded('zlib')) {
        if (\TYPO3\CMS\Core\Utility\MathUtility::canBeInterpretedAsInteger($GLOBALS['TYPO3_CONF_VARS']['FE']['compressionLevel'])) {
            // Prevent errors if ini_set() is unavailable (safe mode)
            @ini_set('zlib.output_compression_level', $GLOBALS['TYPO3_CONF_VARS']['FE']['compressionLevel']);
        }
        ob_start(array(\TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Frontend\\Utility\\CompressionUtility'), 'compressionOutputHandler'));
    }
    // FE_USER
    $GLOBALS['TT']->push('Front End user initialized', '');
    /** @var $GLOBALS['TSFE'] \TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController */
    $GLOBALS['TSFE']->initFEuser();
    $GLOBALS['TT']->pull();
    // BE_USER
    /** @var $GLOBALS['BE_USER'] \TYPO3\CMS\Backend\FrontendBackendUserAuthentication */
    $GLOBALS['BE_USER'] = $GLOBALS['TSFE']->initializeBackendUser();
    // Process the ID, type and other parameters.
    // After this point we have an array, $page in TSFE, which is the page-record
    // of the current page, $id.
    $GLOBALS['TT']->push('Process ID', '');
    // Initialize admin panel since simulation settings are required here:
    if ($GLOBALS['TSFE']->isBackendUserLoggedIn()) {
        $GLOBALS['BE_USER']->initializeAdminPanel();
        \TYPO3\CMS\Core\Core\Bootstrap::getInstance()->loadExtensionTables(TRUE);
    } else {
        \TYPO3\CMS\Core\Core\Bootstrap::getInstance()->loadCachedTca();
    }
    $GLOBALS['TSFE']->checkAlternativeIdMethods();
    $GLOBALS['TSFE']->clear_preview();
    $GLOBALS['TSFE']->determineId();
    // Now, if there is a backend user logged in and he has NO access to this page,
    // then re-evaluate the id shown! _GP('ADMCMD_noBeUser') is placed here because
    // \TYPO3\CMS\Version\Hook\PreviewHook might need to know if a backend user is logged in.
    if ($GLOBALS['TSFE']->isBackendUserLoggedIn() && (!$GLOBALS['BE_USER']->extPageReadAccess($GLOBALS['TSFE']->page) || \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('ADMCMD_noBeUser'))) {
        // Remove user: the BE user is dropped for this request and the page is resolved again
        // as an anonymous visitor would see it.
        unset($GLOBALS['BE_USER']);
        $GLOBALS['TSFE']->beUserLogin = FALSE;
        // Re-evaluate the page-id.
        $GLOBALS['TSFE']->checkAlternativeIdMethods();
        $GLOBALS['TSFE']->clear_preview();
        $GLOBALS['TSFE']->determineId();
    }
    $GLOBALS['TSFE']->makeCacheHash();
    $GLOBALS['TT']->pull();
    // Admin Panel & Frontend editing
    if ($GLOBALS['TSFE']->isBackendUserLoggedIn()) {
        $GLOBALS['BE_USER']->initializeFrontendEdit();
        if ($GLOBALS['BE_USER']->adminPanel instanceof \TYPO3\CMS\Frontend\View\AdminPanelView) {
            \TYPO3\CMS\Core\Core\Bootstrap::getInstance()->initializeLanguageObject()->initializeSpriteManager();
        }
        if ($GLOBALS['BE_USER']->frontendEdit instanceof \TYPO3\CMS\Core\FrontendEditing\FrontendEditingController) {
            $GLOBALS['BE_USER']->frontendEdit->initConfigOptions();
        }
    }
    // Starts the template
    $GLOBALS['TT']->push('Start Template', '');
    $GLOBALS['TSFE']->initTemplate();
    $GLOBALS['TT']->pull();
    // Get from cache
    $GLOBALS['TT']->push('Get Page from cache', '');
    $GLOBALS['TSFE']->getFromCache();
    $GLOBALS['TT']->pull();
    // Get config if not already gotten
    // After this, we should have a valid config-array ready
    $GLOBALS['TSFE']->getConfigArray();
    // Setting language and locale
    $GLOBALS['TT']->push('Setting language and locale', '');
    $GLOBALS['TSFE']->settingLanguage();
    $GLOBALS['TSFE']->settingLocale();
    $GLOBALS['TT']->pull();
    // Convert POST data to internal "renderCharset" if different from the metaCharset
    $GLOBALS['TSFE']->convPOSTCharset();
    // Check JumpUrl
    $GLOBALS['TSFE']->setExternalJumpUrl();
    $GLOBALS['TSFE']->checkJumpUrlReferer();
    $GLOBALS['TSFE']->handleDataSubmission();
    // Check for shortcut page and redirect
    $GLOBALS['TSFE']->checkPageForShortcutRedirect();
    $GLOBALS['TSFE']->checkPageForMountpointRedirect();
    // Generate page
    $GLOBALS['TSFE']->setUrlIdToken();
    $GLOBALS['TT']->push('Page generation', '');
    if ($GLOBALS['TSFE']->isGeneratePage()) {
        $GLOBALS['TSFE']->generatePage_preProcessing();
        $temp_theScript = $GLOBALS['TSFE']->generatePage_whichScript();
        if ($temp_theScript) {
            // An alternative page script chosen by TSFE is included in this scope
            // instead of the standard PageGenerator path below.
            include $temp_theScript;
        } else {
            \TYPO3\CMS\Frontend\Page\PageGenerator::pagegenInit();
            // Global content object
            $GLOBALS['TSFE']->newCObj();
            // LIBRARY INCLUSION, TypoScript
            // Paths come from PageGenerator::getIncFiles() and are resolved relative to the current working directory
            $temp_incFiles = \TYPO3\CMS\Frontend\Page\PageGenerator::getIncFiles();
            foreach ($temp_incFiles as $temp_file) {
                include_once './' . $temp_file;
            }
            // Content generation
            if (!$GLOBALS['TSFE']->isINTincScript()) {
                \TYPO3\CMS\Frontend\Page\PageGenerator::renderContent();
                $GLOBALS['TSFE']->setAbsRefPrefix();
            }
        }
        $GLOBALS['TSFE']->generatePage_postProcessing();
    } elseif ($GLOBALS['TSFE']->isINTincScript()) {
        \TYPO3\CMS\Frontend\Page\PageGenerator::pagegenInit();
        // Global content object
        $GLOBALS['TSFE']->newCObj();
        // LIBRARY INCLUSION, TypoScript (same include set as in the generate-page branch)
        $temp_incFiles = \TYPO3\CMS\Frontend\Page\PageGenerator::getIncFiles();
        foreach ($temp_incFiles as $temp_file) {
            include_once './' . $temp_file;
        }
    }
    $GLOBALS['TT']->pull();
    // $GLOBALS['TSFE']->config['INTincScript']
    if ($GLOBALS['TSFE']->isINTincScript()) {
        $GLOBALS['TT']->push('Non-cached objects', '');
        $GLOBALS['TSFE']->INTincScript();
        $GLOBALS['TT']->pull();
    }
    // Output content
    $sendTSFEContent = FALSE;
    if ($GLOBALS['TSFE']->isOutputting()) {
        $GLOBALS['TT']->push('Print Content', '');
        $GLOBALS['TSFE']->processOutput();
        $sendTSFEContent = TRUE;
        $GLOBALS['TT']->pull();
    }
    // Store session data for fe_users
    $GLOBALS['TSFE']->storeSessionData();
    // Statistics
    $GLOBALS['TYPO3_MISC']['microtime_end'] = microtime(TRUE);
    $GLOBALS['TSFE']->setParseTime();
    // config.debug (TypoScript) overrides the global $TYPO3_CONF_VARS['FE']['debug'] switch
    if (isset($GLOBALS['TSFE']->config['config']['debug'])) {
        $debugParseTime = (bool) $GLOBALS['TSFE']->config['config']['debug'];
    } else {
        $debugParseTime = !empty($GLOBALS['TSFE']->TYPO3_CONF_VARS['FE']['debug']);
    }
    if ($GLOBALS['TSFE']->isOutputting() && $debugParseTime) {
        $GLOBALS['TSFE']->content .= LF . '<!-- Parsetime: ' . $GLOBALS['TSFE']->scriptParseTime . 'ms -->';
    }
    // Check JumpUrl
    $GLOBALS['TSFE']->jumpurl();
    // Preview info
    $GLOBALS['TSFE']->previewInfo();
    // Hook for end-of-frontend
    $GLOBALS['TSFE']->hook_eofe();
    // Finish timetracking
    $GLOBALS['TT']->pull();
    // Check memory usage
    \TYPO3\CMS\Core\Utility\MonitorUtility::peakMemoryUsage();
    // beLoginLinkIPList: echoed before the page content itself
    echo $GLOBALS['TSFE']->beLoginLinkIPList();
    // Admin panel
    if ($GLOBALS['TSFE']->isBackendUserLoggedIn() && $GLOBALS['BE_USER'] instanceof \TYPO3\CMS\Backend\FrontendBackendUserAuthentication && $GLOBALS['BE_USER']->isAdminPanelVisible()) {
        $GLOBALS['TSFE']->content = str_ireplace('</head>', $GLOBALS['BE_USER']->adminPanel->getAdminPanelHeaderData() . '</head>', $GLOBALS['TSFE']->content);
        $GLOBALS['TSFE']->content = str_ireplace('</body>', $GLOBALS['BE_USER']->displayAdminPanel() . '</body>', $GLOBALS['TSFE']->content);
    }
    if ($sendTSFEContent) {
        echo $GLOBALS['TSFE']->content;
    }
    // Debugging Output
    if (isset($GLOBALS['error']) && is_object($GLOBALS['error']) && @is_callable(array($GLOBALS['error'], 'debugOutput'))) {
        $GLOBALS['error']->debugOutput();
    }
    if (TYPO3_DLOG) {
        \TYPO3\CMS\Core\Utility\GeneralUtility::devLog('END of FRONTEND session', 'cms', 0, array('_FLUSH' => TRUE));
    }
    \TYPO3\CMS\Core\Core\Bootstrap::getInstance()->shutdown();
}
/**
 * Implementing the access checks that the typo3/init.php script does before a user is ever logged in.
 * Used in the frontend.
 *
 * Checks are applied in this order, each one denying access on failure:
 * hard backend lock (adminOnly < 0), backend IPmaskList, SSL lock, and
 * finally the regular user-level login check.
 *
 * @return boolean Returns TRUE if access is OK
 * @see typo3/init.php, t3lib_beuserauth::backendCheckLogin()
 */
public function checkBackendAccessSettingsFromInitPhp() {
	$backendConfiguration = $GLOBALS['TYPO3_CONF_VARS']['BE'];
	// Check Hardcoded lock on BE: a negative adminOnly locks everybody out
	if ($backendConfiguration['adminOnly'] < 0) {
		return FALSE;
	}
	// Check IP: only enforced when the (trimmed) IPmaskList is non-empty;
	// the untrimmed configured value is what cmpIP() receives
	$ipMaskList = $backendConfiguration['IPmaskList'];
	if (trim($ipMaskList)) {
		$clientAddress = \TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('REMOTE_ADDR');
		if (!\TYPO3\CMS\Core\Utility\GeneralUtility::cmpIP($clientAddress, $ipMaskList)) {
			return FALSE;
		}
	}
	// Check SSL (https): lockSSL mode 3 is exempt from the hard requirement
	$lockSSL = $backendConfiguration['lockSSL'];
	$sslRequired = intval($lockSSL) && $lockSSL != 3;
	if ($sslRequired && !\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('TYPO3_SSL')) {
		return FALSE;
	}
	// Finally a check from t3lib_beuserauth::backendCheckLogin()
	return (bool) $this->isUserAllowedToLogin();
}
/**
 * The main method of the backend module
 *
 * Enforces the module's IP-based access restrictions (devIPmask and/or the
 * extension's allowedIps), then either hands the backend user over to
 * phpMyAdmin through a single-signon session and redirects, or renders an
 * error page when the phpMyAdmin directory is not available.
 *
 * Side effects: may terminate the request via die(), starts and closes a PHP
 * session named 'tx_phpmyadmin', sets a cookie and sends redirect/cache headers.
 *
 * @return void
 */
public function main() {
	// Include the LL file for phpMyAdmin
	$GLOBALS['LANG']->includeLLFile('EXT:phpmyadmin/Resources/Private/Language/locallang.xlf');
	// Set the path to phpMyAdmin
	$extPath = ExtensionManagementUtility::extPath('phpmyadmin');
	$typo3DocumentRoot = GeneralUtility::getIndpEnv('TYPO3_DOCUMENT_ROOT');
	// Set class config for module
	$this->MCONF = $GLOBALS['MCONF'];
	// Get config. The extension configuration is kept serialized in the
	// installation's own configuration (not request data), hence unserialize() here.
	$extensionConfiguration = unserialize($GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['phpmyadmin']);
	// IP-based Access restrictions
	$devIPmask = trim($GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask']);
	// NOTE(review): whether this reflects a proxy-forwarded address depends on the
	// installation's reverse-proxy settings - confirm before relying on the IP checks below.
	$remoteAddress = GeneralUtility::getIndpEnv('REMOTE_ADDR');
	// Check for IP restriction (devIpMask), and die if not allowed
	$useDevIpMask = (bool) $extensionConfiguration['useDevIpMask'];
	if ($useDevIpMask === TRUE) {
		// A wildcard devIPmask ('*') allows everyone, so the check is skipped entirely
		if ($devIPmask != '*') {
			// NOTE(review): $remoteAddress and $devIPmask are inserted into the HTML
			// message without htmlspecialchars(); acceptable only if both are guaranteed
			// to be plain address/mask strings - confirm.
			$message = '<h1>' . $GLOBALS['LANG']->getLL('module.headline.accessDenied') . '</h1> <p>' . sprintf($GLOBALS['LANG']->getLL('module.message.accessDenied.devIpMask'), $remoteAddress, $devIPmask) . '</p>';
			if (!GeneralUtility::cmpIP($remoteAddress, $devIPmask)) {
				die($message);
			}
		}
	}
	// Check for ip restriction, and die if not allowed
	$allowedIps = trim($extensionConfiguration['allowedIps']);
	if (!empty($allowedIps)) {
		// Same unescaped-message caveat as above
		$message = '<h1>' . $GLOBALS['LANG']->getLL('module.headline.accessDenied') . '</h1> <p>' . sprintf($GLOBALS['LANG']->getLL('module.message.accessDenied.allowedIps'), $remoteAddress, $allowedIps) . '</p>';
		if (!GeneralUtility::cmpIP($remoteAddress, $allowedIps)) {
			die($message);
		}
	}
	// Path to install dir
	$this->MCONF['PMA_absolute_path'] = $extPath . $this->MCONF['PMA_subdir'];
	// PMA uses relative file inclusion, so we need to ensure a proper include_path
	@set_include_path($this->MCONF['PMA_absolute_path'] . PATH_SEPARATOR . get_include_path());
	// Path to web dir
	$this->MCONF['PMA_relative_path'] = ExtensionManagementUtility::extRelPath('phpmyadmin') . $this->MCONF['PMA_subdir'];
	// If phpMyAdmin is configured in the conf.php script, we continue to load it...
	if ($this->MCONF['PMA_absolute_path'] && @is_dir($this->MCONF['PMA_absolute_path'])) {
		// Need to have cookie visible from parent directory.
		// The fourth argument (secure) is explicitly 0, so the signon cookie is also
		// sent over plain HTTP; no httponly flag is passed either.
		session_set_cookie_params(0, '/', '', 0);
		// Create signon session
		$session_name = 'tx_phpmyadmin';
		session_name($session_name);
		session_start();
		// Store the credentials in the session. From here on the session data holds
		// the TYPO3 database password in clear text, so the 'tx_phpmyadmin' session
		// (and its cookie) is as sensitive as the database credentials themselves.
		$_SESSION['PMA_single_signon_user'] = TYPO3_db_username;
		$_SESSION['PMA_single_signon_password'] = TYPO3_db_password;
		$_SESSION['PMA_single_signon_host'] = TYPO3_db_host;
		$_SESSION['PMA_single_signon_port'] = $GLOBALS['TYPO3_CONF_VARS']['DB']['port'];
		$_SESSION['PMA_single_signon_only_db'] = TYPO3_db;
		// If a socket connection is configured, use this for mysqli
		if (isset($GLOBALS['TYPO3_CONF_VARS']['DB']['socket'])) {
			$_SESSION['PMA_typo3_socket'] = $GLOBALS['TYPO3_CONF_VARS']['DB']['socket'];
		}
		// Configure some other parameters
		$_SESSION['PMA_extConf'] = $GLOBALS['TYPO3_CONF_VARS']['EXT']['extConf']['phpmyadmin'];
		$_SESSION['PMA_hideOtherDBs'] = $extensionConfiguration['hideOtherDBs'];
		// Get signon uri for redirect: strip the document root from the extension
		// path and make sure the remainder is root-relative
		$path_ext = substr($extPath, strlen($typo3DocumentRoot), strlen($extPath));
		$path_ext = substr($path_ext, 0, 1) != '/' ? '/' . $path_ext : $path_ext;
		$path_pma = $path_ext . $this->MCONF['PMA_subdir'];
		$_SESSION['PMA_SignonURL'] = $path_pma . 'index.php';
		// Try to get the TYPO3 backend uri even if it's installed in a subdirectory
		// Compile logout path and add a slash if the returned string does not start with one
		$path_typo3 = substr(PATH_typo3, strlen($typo3DocumentRoot), strlen(PATH_typo3));
		$path_typo3 = substr($path_typo3, 0, 1) != '/' ? '/' . $path_typo3 : $path_typo3;
		$_SESSION['PMA_LogoutURL'] = $path_typo3 . 'logout.php';
		// Prepend document root if uploadDir does not start with a slash "/"
		$extensionConfiguration['uploadDir'] = trim($extensionConfiguration['uploadDir']);
		if (strpos($extensionConfiguration['uploadDir'], '/') !== 0) {
			$_SESSION['PMA_uploadDir'] = $typo3DocumentRoot . '/' . $extensionConfiguration['uploadDir'];
		} else {
			$_SESSION['PMA_uploadDir'] = $extensionConfiguration['uploadDir'];
		}
		$_SESSION['PMA_typo3_db'] = TYPO3_db;
		// Get current session id
		$currentSessionId = session_id();
		// Force to set the cookie according to issue #8884
		// http://bugs.typo3.org/view.php?id=8884#c23323
		// NOTE(review): this explicit setcookie() passes no secure/httponly flags either.
		setcookie($session_name, $currentSessionId, 0, '/', '');
		// Close that session
		session_write_close();
		// Mapping language keys for phpMyAdmin; a backend language missing from the
		// map yields NULL here and falls back to 'en' below
		$languageKeyMapping = array('default' => 'en', 'dk' => 'da', 'de' => 'de', 'no' => 'no', 'it' => 'it', 'fr' => 'fr', 'es' => 'es', 'nl' => 'nl', 'cz' => 'cs-iso', 'pl' => 'pl', 'si' => 'sk');
		$languageKey = $languageKeyMapping[$GLOBALS['LANG']->lang];
		if (!$languageKey) {
			$languageKey = 'en';
		}
		// Redirect to phpMyAdmin (should use absolute URL here!), setting default database
		$redirectUri = GeneralUtility::locationHeaderUrl($_SESSION['PMA_SignonURL'] . '?lang=' . $languageKey . '&db=' . urlencode(TYPO3_db));
		// Build and set cache-header header, intended to keep the redirect from being cached
		$headers = array('Expires: Mon, 26 Jul 1997 05:00:00 GMT', 'Pragma: no-cache', 'Cache-Control: private');
		// Send all headers
		foreach ($headers as $header) {
			header($header);
		}
		\TYPO3\CMS\Core\Utility\HttpUtility::redirect($redirectUri, \TYPO3\CMS\Core\Utility\HttpUtility::HTTP_STATUS_302);
	} else {
		// Render body
		$this->doc = GeneralUtility::makeInstance('TYPO3\\CMS\\Backend\\Template\\DocumentTemplate');
		$this->content = $this->doc->startPage($GLOBALS['LANG']->getLL('module.title'));
		$this->content .= '<h1>' . $GLOBALS['LANG']->getLL('module.headline.error') . '</h1>';
		// No configuration set
		$this->content .= '<p>' . sprintf($GLOBALS['LANG']->getLL('module.error.invalidConfiguration'), $this->MCONF['PMA_subdir']) . '</p>';
		// End document
		$this->content .= $this->doc->endPage();
	}
}
} unset($hookFunction); unset($hookParameters); } // Look for extension ID which will launch alternative output engine if ($temp_extId = \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('eID')) { if ($classPath = \TYPO3\CMS\Core\Utility\GeneralUtility::getFileAbsFileName($TYPO3_CONF_VARS['FE']['eID_include'][$temp_extId])) { // Remove any output produced until now ob_clean(); require $classPath; } die; } /** @var $TSFE \TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController */ $TSFE = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Frontend\\Controller\\TypoScriptFrontendController', $TYPO3_CONF_VARS, \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('id'), \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('type'), \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('no_cache'), \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('cHash'), \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('jumpurl'), \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('MP'), \TYPO3\CMS\Core\Utility\GeneralUtility::_GP('RDCT')); if ($TYPO3_CONF_VARS['FE']['pageUnavailable_force'] && !\TYPO3\CMS\Core\Utility\GeneralUtility::cmpIP(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('REMOTE_ADDR'), $TYPO3_CONF_VARS['SYS']['devIPmask'])) { $TSFE->pageUnavailableAndExit('This page is temporarily unavailable.'); } $TSFE->connectToDB(); $TSFE->sendRedirect(); // Output compression // Remove any output produced until now ob_clean(); if ($TYPO3_CONF_VARS['FE']['compressionLevel'] && extension_loaded('zlib')) { if (\TYPO3\CMS\Core\Utility\MathUtility::canBeInterpretedAsInteger($TYPO3_CONF_VARS['FE']['compressionLevel'])) { // Prevent errors if ini_set() is unavailable (safe mode) @ini_set('zlib.output_compression_level', $TYPO3_CONF_VARS['FE']['compressionLevel']); } ob_start(array(\TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Frontend\\Utility\\CompressionUtility'), 'compressionOutputHandler')); } // FE_USER
/**
 * Compare client IP with IPmaskList and exit the script run
 * if the client is not allowed to access the backend
 *
 * An empty (after trimming) IPmaskList means no restriction. On a mismatch a
 * 404 status header and a bare Location header are sent and the script is
 * terminated; the method only returns when access is granted.
 *
 * @return \TYPO3\CMS\Core\Core\Bootstrap
 * @internal This is not a public API method, do not use in own extensions
 */
public function checkBackendIpOrDie() {
	$ipMaskList = $GLOBALS['TYPO3_CONF_VARS']['BE']['IPmaskList'];
	if (!trim($ipMaskList)) {
		// Nothing configured, nothing to enforce
		return $this;
	}
	$clientAddress = \TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('REMOTE_ADDR');
	if (\TYPO3\CMS\Core\Utility\GeneralUtility::cmpIP($clientAddress, $ipMaskList)) {
		return $this;
	}
	// Send Not Found header - if the webserver can make use of it
	header('Status: 404 Not Found');
	// Just point us away from here...
	header('Location: http://');
	// ... and exit good!
	die;
}
/**
 * Evaluates a TypoScript condition given as input, eg. "[applicationContext = Production][...(other condition)...]"
 *
 * $key is split on '|' (e.g. "page|uid"): the first part selects the condition
 * type, further parts are type-specific. List-valued conditions match when ANY
 * comma-separated entry of $value matches.
 *
 * @param string $key The condition to match against its criteria.
 * @param string $value
 * @return NULL|bool Result of the evaluation; NULL if condition could not be evaluated
 */
protected function evaluateConditionCommon($key, $value) {
	$keyParts = GeneralUtility::trimExplode('|', $key);
	switch ($keyParts[0]) {
		case 'applicationContext':
			$values = GeneralUtility::trimExplode(',', $value, true);
			$currentApplicationContext = GeneralUtility::getApplicationContext();
			// Entries may contain wildcards, hence searchStringWildcard() instead of ===
			foreach ($values as $applicationContext) {
				if ($this->searchStringWildcard($currentApplicationContext, $applicationContext)) {
					return true;
				}
			}
			return false;
			// unreachable after return; kept for case symmetry
			break;
		case 'language':
			// Exact match against the whole Accept-Language header first
			if (GeneralUtility::getIndpEnv('HTTP_ACCEPT_LANGUAGE') === $value) {
				return true;
			}
			$values = GeneralUtility::trimExplode(',', $value, true);
			foreach ($values as $test) {
				// "*xx*" form: the language must be one of the header's ','/';'-separated parts
				if (preg_match('/^\\*.+\\*$/', $test)) {
					$allLanguages = preg_split('/[,;]/', GeneralUtility::getIndpEnv('HTTP_ACCEPT_LANGUAGE'));
					// NOTE(review): non-strict in_array(); numeric-looking strings compare loosely
					if (in_array(substr($test, 1, -1), $allLanguages)) {
						return true;
					}
				} elseif (GeneralUtility::getIndpEnv('HTTP_ACCEPT_LANGUAGE') == $test) {
					return true;
				}
			}
			return false;
			break;
		case 'IP':
			// 'devIP' is shorthand for the installation-wide devIPmask
			if ($value === 'devIP') {
				$value = trim($GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask']);
			}
			return (bool) GeneralUtility::cmpIP(GeneralUtility::getIndpEnv('REMOTE_ADDR'), $value);
			break;
		case 'hostname':
			// Matched against the (reverse-resolved) client address by cmpFQDN()
			return (bool) GeneralUtility::cmpFQDN(GeneralUtility::getIndpEnv('REMOTE_ADDR'), $value);
			break;
		case 'hour':
		case 'minute':
		case 'month':
		case 'year':
		case 'dayofweek':
		case 'dayofmonth':
		case 'dayofyear':
			// In order to simulate time properly in templates.
			$theEvalTime = $GLOBALS['SIM_EXEC_TIME'];
			// Note: this inner switch dispatches on the full $key, not on $keyParts[0];
			// a key carrying a '|' part therefore leaves $theTestValue unset (cast to 0 below)
			switch ($key) {
				case 'hour':
					$theTestValue = date('H', $theEvalTime);
					break;
				case 'minute':
					$theTestValue = date('i', $theEvalTime);
					break;
				case 'month':
					$theTestValue = date('m', $theEvalTime);
					break;
				case 'year':
					$theTestValue = date('Y', $theEvalTime);
					break;
				case 'dayofweek':
					$theTestValue = date('w', $theEvalTime);
					break;
				case 'dayofmonth':
					$theTestValue = date('d', $theEvalTime);
					break;
				case 'dayofyear':
					$theTestValue = date('z', $theEvalTime);
					break;
			}
			$theTestValue = (int) $theTestValue;
			// comp: a bare integer entry is treated as "= <entry>"
			$values = GeneralUtility::trimExplode(',', $value, true);
			foreach ($values as $test) {
				if (\TYPO3\CMS\Core\Utility\MathUtility::canBeInterpretedAsInteger($test)) {
					$test = '=' . $test;
				}
				if ($this->compareNumber($test, $theTestValue)) {
					return true;
				}
			}
			return false;
			break;
		case 'compatVersion':
			return GeneralUtility::compat_version($value);
			break;
		case 'loginUser':
			// '*' matches any logged-in user; an empty value matches when nobody is logged in
			if ($this->isUserLoggedIn()) {
				$values = GeneralUtility::trimExplode(',', $value, true);
				foreach ($values as $test) {
					if ($test == '*' || (string) $this->getUserId() === (string) $test) {
						return true;
					}
				}
			} elseif ($value === '') {
				return true;
			}
			return false;
			break;
		case 'page':
			// NOTE(review): $keyParts[1] is undefined when the key has no '|' part (notice, then false)
			if ($keyParts[1]) {
				$page = $this->getPage();
				$property = $keyParts[1];
				if (!empty($page) && isset($page[$property]) && (string) $page[$property] === (string) $value) {
					return true;
				}
			}
			return false;
			break;
		case 'globalVar':
			$values = GeneralUtility::trimExplode(',', $value, true);
			foreach ($values as $test) {
				// Split "name<op>value" at the first operator character; compareNumber() gets "<op>value"
				$point = strcspn($test, '!=<>');
				$theVarName = substr($test, 0, $point);
				$nv = $this->getVariable(trim($theVarName));
				$testValue = substr($test, $point);
				if ($this->compareNumber($testValue, $nv)) {
					return true;
				}
			}
			return false;
			break;
		case 'globalString':
			$values = GeneralUtility::trimExplode(',', $value, true);
			foreach ($values as $test) {
				// Split "name=value" at the first '='; the value part may contain wildcards
				$point = strcspn($test, '=');
				$theVarName = substr($test, 0, $point);
				$nv = (string) $this->getVariable(trim($theVarName));
				$testValue = substr($test, $point + 1);
				if ($this->searchStringWildcard($nv, trim($testValue))) {
					return true;
				}
			}
			return false;
			break;
		case 'userFunc':
			// Parse "funcName(arguments)" from the condition text; if the pattern does
			// not match, $matches[1][0] is undefined
			$matches = array();
			preg_match_all('/^\\s*([^\\(\\s]+)\\s*(?:\\((.*)\\))?\\s*$/', $value, $matches);
			$funcName = $matches[1][0];
			$funcValues = $matches[2][0] ? $this->parseUserFuncArguments($matches[2][0]) : array();
			// NOTE(review): the callee comes from the condition text and is_callable()
			// accepts any existing callable, so TypoScript editing rights effectively
			// include the ability to invoke PHP callables; keep those rights restricted.
			if (is_callable($funcName) && call_user_func_array($funcName, $funcValues)) {
				return true;
			}
			return false;
			break;
	}
	// Unknown condition type
	return null;
}
/**
 * Evaluates a TypoScript condition given as input, eg. "[browser=net][...(other conditions)...]"
 *
 * $key is split on '|' (e.g. "page|uid"): the first part selects the condition
 * type, further parts are type-specific. List-valued conditions match when ANY
 * comma-separated entry of $value matches. In this version most non-matching
 * conditions fall through to the final return NULL rather than returning FALSE.
 *
 * @param string $key The condition to match against its criterias.
 * @param string $value
 * @return NULL|boolean Result of the evaluation; NULL if condition could not be evaluated
 */
protected function evaluateConditionCommon($key, $value) {
	// Browser info is only needed for the user-agent based conditions.
	// Note: this pre-check is case-insensitive while the switch below is not.
	if (GeneralUtility::inList('browser,version,system,useragent', strtolower($key))) {
		$browserInfo = $this->getBrowserInfo(GeneralUtility::getIndpEnv('HTTP_USER_AGENT'));
	}
	$keyParts = GeneralUtility::trimExplode('|', $key);
	switch ($keyParts[0]) {
		case 'applicationContext':
			$values = GeneralUtility::trimExplode(',', $value, TRUE);
			$currentApplicationContext = GeneralUtility::getApplicationContext();
			// Entries may contain wildcards, hence searchStringWildcard() instead of ===
			foreach ($values as $applicationContext) {
				if ($this->searchStringWildcard($currentApplicationContext, $applicationContext)) {
					return TRUE;
				}
			}
			break;
		case 'browser':
			$values = GeneralUtility::trimExplode(',', $value, TRUE);
			// take all identified browsers into account, eg chrome deliver
			// webkit=>532.5, chrome=>4.1, safari=>532.5
			// so comparing string will be
			// "webkit532.5 chrome4.1 safari532.5"
			$all = '';
			// NOTE(review): this loop reassigns the method parameters $key and $value.
			// Harmless here because neither is read again on this path, but fragile.
			foreach ($browserInfo['all'] as $key => $value) {
				$all .= $key . $value . ' ';
			}
			// Case-insensitive substring match against the concatenated string
			foreach ($values as $test) {
				if (stripos($all, $test) !== FALSE) {
					return TRUE;
				}
			}
			break;
		case 'version':
			$values = GeneralUtility::trimExplode(',', $value, TRUE);
			foreach ($values as $test) {
				// strcspn() == 0 means the entry starts with one of '=', '<', '>'
				if (strcspn($test, '=<>') == 0) {
					switch ($test[0]) {
						case '=':
							if (doubleval(substr($test, 1)) == $browserInfo['version']) {
								return TRUE;
							}
							break;
						case '<':
							if (doubleval(substr($test, 1)) > $browserInfo['version']) {
								return TRUE;
							}
							break;
						case '>':
							if (doubleval(substr($test, 1)) < $browserInfo['version']) {
								return TRUE;
							}
							break;
					}
				} elseif (strpos(' ' . $browserInfo['version'], $test) == 1) {
					// No operator: match when the version string starts with the entry
					// (position 1 because of the prepended space)
					return TRUE;
				}
			}
			break;
		case 'system':
			$values = GeneralUtility::trimExplode(',', $value, TRUE);
			// Take all identified systems into account, e.g. mac for iOS, Linux
			// for android and Windows NT for Windows XP
			$allSystems = ' ' . implode(' ', $browserInfo['all_systems']);
			foreach ($values as $test) {
				if (stripos($allSystems, $test) !== FALSE) {
					return TRUE;
				}
			}
			break;
		case 'device':
			// Device type is detected once per instance and cached on $this->deviceInfo
			if (!isset($this->deviceInfo)) {
				$this->deviceInfo = $this->getDeviceType(GeneralUtility::getIndpEnv('HTTP_USER_AGENT'));
			}
			$values = GeneralUtility::trimExplode(',', $value, TRUE);
			foreach ($values as $test) {
				if ($this->deviceInfo == $test) {
					return TRUE;
				}
			}
			break;
		case 'useragent':
			// Single wildcard pattern; an empty value falls through to NULL
			$test = trim($value);
			if ($test !== '') {
				return $this->searchStringWildcard((string) $browserInfo['useragent'], $test);
			}
			break;
		case 'language':
			$values = GeneralUtility::trimExplode(',', $value, TRUE);
			foreach ($values as $test) {
				// "*xx*" form: the language must be one of the header's ','/';'-separated parts
				if (preg_match('/^\\*.+\\*$/', $test)) {
					$allLanguages = preg_split('/[,;]/', GeneralUtility::getIndpEnv('HTTP_ACCEPT_LANGUAGE'));
					// NOTE(review): non-strict in_array(); numeric-looking strings compare loosely
					if (in_array(substr($test, 1, -1), $allLanguages)) {
						return TRUE;
					}
				} elseif (GeneralUtility::getIndpEnv('HTTP_ACCEPT_LANGUAGE') == $test) {
					return TRUE;
				}
			}
			break;
		case 'IP':
			// 'devIP' is shorthand for the installation-wide devIPmask
			if ($value === 'devIP') {
				$value = trim($GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask']);
			}
			if (GeneralUtility::cmpIP(GeneralUtility::getIndpEnv('REMOTE_ADDR'), $value)) {
				return TRUE;
			}
			break;
		case 'hostname':
			if (GeneralUtility::cmpFQDN(GeneralUtility::getIndpEnv('REMOTE_ADDR'), $value)) {
				return TRUE;
			}
			break;
		case 'hour':
		case 'minute':
		case 'month':
		case 'year':
		case 'dayofweek':
		case 'dayofmonth':
		case 'dayofyear':
			// In order to simulate time properly in templates.
			$theEvalTime = $GLOBALS['SIM_EXEC_TIME'];
			// Note: this inner switch dispatches on the full $key, not on $keyParts[0];
			// a key carrying a '|' part therefore leaves $theTestValue unset (cast to 0 below)
			switch ($key) {
				case 'hour':
					$theTestValue = date('H', $theEvalTime);
					break;
				case 'minute':
					$theTestValue = date('i', $theEvalTime);
					break;
				case 'month':
					$theTestValue = date('m', $theEvalTime);
					break;
				case 'year':
					$theTestValue = date('Y', $theEvalTime);
					break;
				case 'dayofweek':
					$theTestValue = date('w', $theEvalTime);
					break;
				case 'dayofmonth':
					$theTestValue = date('d', $theEvalTime);
					break;
				case 'dayofyear':
					$theTestValue = date('z', $theEvalTime);
					break;
			}
			$theTestValue = (int) $theTestValue;
			// comp: a bare integer entry is treated as "= <entry>"
			$values = GeneralUtility::trimExplode(',', $value, TRUE);
			foreach ($values as $test) {
				if (\TYPO3\CMS\Core\Utility\MathUtility::canBeInterpretedAsInteger($test)) {
					$test = '=' . $test;
				}
				if ($this->compareNumber($test, $theTestValue)) {
					return TRUE;
				}
			}
			break;
		case 'compatVersion':
			return GeneralUtility::compat_version($value);
			// unreachable after return; kept for case symmetry
			break;
		case 'loginUser':
			// '*' matches any logged-in user; an empty value matches when nobody is logged in
			if ($this->isUserLoggedIn()) {
				$values = GeneralUtility::trimExplode(',', $value, TRUE);
				foreach ($values as $test) {
					if ($test == '*' || (string) $this->getUserId() === (string) $test) {
						return TRUE;
					}
				}
			} elseif ($value === '') {
				return TRUE;
			}
			break;
		case 'page':
			// NOTE(review): $keyParts[1] is undefined when the key has no '|' part (notice, then NULL)
			if ($keyParts[1]) {
				$page = $this->getPage();
				$property = $keyParts[1];
				if (!empty($page) && isset($page[$property]) && (string) $page[$property] === (string) $value) {
					return TRUE;
				}
			}
			break;
		case 'globalVar':
			$values = GeneralUtility::trimExplode(',', $value, TRUE);
			foreach ($values as $test) {
				// Split "name<op>value" at the first operator character; compareNumber() gets "<op>value"
				$point = strcspn($test, '!=<>');
				$theVarName = substr($test, 0, $point);
				$nv = $this->getVariable(trim($theVarName));
				$testValue = substr($test, $point);
				if ($this->compareNumber($testValue, $nv)) {
					return TRUE;
				}
			}
			break;
		case 'globalString':
			$values = GeneralUtility::trimExplode(',', $value, TRUE);
			foreach ($values as $test) {
				// Split "name=value" at the first '='; the value part may contain wildcards
				$point = strcspn($test, '=');
				$theVarName = substr($test, 0, $point);
				$nv = (string) $this->getVariable(trim($theVarName));
				$testValue = substr($test, $point + 1);
				if ($this->searchStringWildcard($nv, trim($testValue))) {
					return TRUE;
				}
			}
			break;
		case 'userFunc':
			// Parse "funcName(arguments)" from the condition text; if the pattern does
			// not match, $matches[1][0] is undefined
			$matches = array();
			preg_match_all('/^\\s*([^\\(\\s]+)\\s*(?:\\((.*)\\))?\\s*$/', $value, $matches);
			$funcName = $matches[1][0];
			$funcValues = $matches[2][0] ? $this->parseUserFuncArguments($matches[2][0]) : array();
			// NOTE(review): function_exists() limits the callee to plain functions, but the
			// name still comes from the condition text, so TypoScript editing rights
			// effectively include the ability to invoke PHP functions; keep them restricted.
			if (function_exists($funcName) && call_user_func_array($funcName, $funcValues)) {
				return TRUE;
			}
			break;
	}
	// Unknown condition type, or a known type that did not match
	return NULL;
}
/**
 * Implementing the access checks that the typo3/init.php script does before a user is ever logged in.
 * Used in the frontend.
 *
 * Checks are applied in this order, each one denying access on failure:
 * hard backend lock (adminOnly < 0), backend IPmaskList, SSL lock, and
 * finally the regular user-level login check.
 *
 * @return boolean Returns TRUE if access is OK
 */
public function checkBackendAccessSettingsFromInitPhp() {
	$backendConfiguration = $GLOBALS['TYPO3_CONF_VARS']['BE'];
	// Check Hardcoded lock on BE: a negative adminOnly locks everybody out
	if ($backendConfiguration['adminOnly'] < 0) {
		return FALSE;
	}
	// Check IP: only enforced when the (trimmed) IPmaskList is non-empty;
	// the untrimmed configured value is what cmpIP() receives
	$ipMaskList = $backendConfiguration['IPmaskList'];
	if (trim($ipMaskList)) {
		$remoteAddress = GeneralUtility::getIndpEnv('REMOTE_ADDR');
		if (!GeneralUtility::cmpIP($remoteAddress, $ipMaskList)) {
			return FALSE;
		}
	}
	// Check SSL (https): lockSSL mode 3 is exempt from the hard requirement
	$lockSSL = (int) $backendConfiguration['lockSSL'];
	$sslRequired = $lockSSL && $lockSSL !== 3;
	if ($sslRequired && !GeneralUtility::getIndpEnv('TYPO3_SSL')) {
		return FALSE;
	}
	// Finally a check from \TYPO3\CMS\Core\Authentication\BackendUserAuthentication::backendCheckLogin()
	return (bool) $this->isUserAllowedToLogin();
}
/**
 * Compare client IP with IPmaskList and exit the script run
 * if the client is not allowed to access the backend
 *
 * An empty (after trimming) IPmaskList means no restriction; a mismatch is
 * reported by throwing instead of terminating the script directly.
 *
 * @return Bootstrap
 * @internal This is not a public API method, do not use in own extensions
 * @throws \RuntimeException when the client address is not covered by IPmaskList
 */
public function checkBackendIpOrDie() {
	$ipMaskList = $GLOBALS['TYPO3_CONF_VARS']['BE']['IPmaskList'];
	if (!trim($ipMaskList)) {
		// Nothing configured, nothing to enforce
		return $this;
	}
	$clientAddress = GeneralUtility::getIndpEnv('REMOTE_ADDR');
	$isAllowed = GeneralUtility::cmpIP($clientAddress, $ipMaskList);
	if (!$isAllowed) {
		throw new \RuntimeException('TYPO3 Backend access denied: The IP address of your client does not match the list of allowed IP addresses.', 1389265900);
	}
	return $this;
}
/**
 * Checks if given IP address is acceptable.
 *
 * The filter comes from the extension configuration; the special value
 * 'devIPmask' (compared case-insensitively) delegates to the global devIPmask.
 *
 * @param string $ipAddress IP address to check
 * @return bool
 */
public function isIpAddressAccepted($ipAddress) {
	$configuredFilter = $this->extensionConfiguration['ipFilter'];
	// Re-use global IP mask if so defined
	$useGlobalDevMask = strtolower($configuredFilter) === 'devipmask';
	$effectiveFilter = $useGlobalDevMask
		? $GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask']
		: $configuredFilter;
	return GeneralUtility::cmpIP($ipAddress, $effectiveFilter);
}
/**
 * Write DB settings to LocalConfiguration.php, using default values.
 * With the switch from mysql to mysqli in 6.1, some mandatory settings were
 * added. This method tries to add those settings in case of an upgrade, and
 * pre-configures settings in case of a "new" install process.
 *
 * There are two different connection types:
 * - Unix domain socket. This may be available if mysql is running on localhost
 * - TCP/IP connection to some mysql system somewhere.
 *
 * Unix domain socket connections are quicker than TCP/IP, so it is
 * tested if a unix domain socket connection to localhost is successful. If not,
 * a default configuration for TCP/IP is used.
 *
 * Resulting keys: DB/host always; DB/socket when a socket connection works,
 * otherwise DB/port (configured port if > 0, else the default).
 *
 * @return void
 */
protected function useDefaultValuesForNotConfiguredOptions() {
	$configuredHost = $this->getConfiguredHost();
	$settings = array('DB/host' => $configuredHost);
	// "local" means: literally localhost, a loopback address, or no host at all
	$hostIsLocal = $configuredHost === 'localhost'
		|| \TYPO3\CMS\Core\Utility\GeneralUtility::cmpIP($configuredHost, '127.*.*.*')
		|| (string) $configuredHost === '';
	// If host is "local" either by upgrading or by first install, we try a socket
	// connection first and use TCP/IP as fallback
	if ($hostIsLocal) {
		if ($this->isConnectionWithUnixDomainSocketPossible()) {
			$settings['DB/host'] = 'localhost';
			$settings['DB/socket'] = $this->getConfiguredSocket();
		} elseif (!\TYPO3\CMS\Core\Utility\GeneralUtility::isFirstPartOfStr($configuredHost, '127.')) {
			// TCP/IP fallback: force the loopback address unless one is already set
			$settings['DB/host'] = '127.0.0.1';
		}
	}
	if (!isset($settings['DB/socket'])) {
		// Make sure a default port is set if not configured yet
		// This is independent from any host configuration
		$configuredPort = $this->getConfiguredPort();
		$settings['DB/port'] = $configuredPort > 0
			? $configuredPort
			: $this->getConfiguredOrDefaultPort();
	}
	/** @var \TYPO3\CMS\Core\Configuration\ConfigurationManager $configurationManager */
	$configurationManager = $this->objectManager->get(\TYPO3\CMS\Core\Configuration\ConfigurationManager::class);
	$configurationManager->setLocalConfigurationValuesByPathValuePairs($settings);
}
/**
 * Whether the current client address matches the installation's devIPmask.
 *
 * @return bool
 */
protected function getIsAllowedByDevIPMask() {
	$clientAddress = GeneralUtility::getIndpEnv('REMOTE_ADDR');
	$developerMask = $GLOBALS['TYPO3_CONF_VARS']['SYS']['devIPmask'];
	return GeneralUtility::cmpIP($clientAddress, $developerMask);
}