View difference between Paste ID: FeinV8jE and Jsnw4NLX
1
use \TYPO3\CMS\Core\Utility\GeneralUtility;
2
3
/**
4
 * A service that verifies credentials for a frontend user.
5
 *
6
 * @author Jost Baron <jost.baron at gmx.de>
7
 */
8
class FrontendUserAuthenticationService implements \TYPO3\CMS\Core\SingletonInterface {
9
10
    /**
11
     * Checks if the given credentials correct for the user with the given name.
12
     * Only searches users on the given storage pages.
13
     * @param string $username
14
     * @param string $password
15
     * @param string $storageIds Comma separated list of storage ids too look
16
     * on for user data.
17
     * @returns boolean true if the credentials are correct, false otherwise.
18
     */
19
    public function isValidLogin($username, $password, $storageIds) {
20
21
        $loginData = array(
22
            'status'        => 'login',
23
            'uname'         => $username,
24
            'uident'        => $password,
25
            'uident_text'   => $password,
26
        );
27
28
        $findUserServiceObjects = $this->getAuthenticationServices('getUserFE', $loginData, $storageIds);
29
        $user = $this->getFirstUser($findUserServiceObjects);
30
        if (FALSE === $user) {
31
            return FALSE;
32
        }
33
34
        $authUserServiceObjects = $this->getAuthenticationServices('authUserFE', $loginData, $storageIds);
35
        return $this->checkUserAuthentication($user, $authUserServiceObjects);
36
    }
37
38
    /**
39
     * Returns the authentication service chain to use (configured using TYPO3).
40
     * @param string $subType The subtype of authentication services, either
41
     * getUserFE, getUserBE, authUserFE or authUserBE
42
     * @param array $loginData
43
     * @return array
44
     */
45
    protected function getAuthenticationServices($subType, $loginData, $storageIds) {
46
        $serviceChain = '';
47
        $serviceObjects = array();
48
        $authInfo = $this->getAuthInfoArray($storageIds);
49
50
        while (is_object($serviceObj = GeneralUtility::makeInstanceService('auth', $subType, $serviceChain))) {
51
52
            $serviceChain .= ',' . $serviceObj->getServiceKey();
53
54
            $serviceObj->initAuth($subType, $loginData, $authInfo, $this->getParentObject());
55
            array_push($serviceObjects, $serviceObj);
56
        }
57
58
        return $serviceObjects;
59
    }
60
61
    /**
62
     * Returns the first user that matches the login data given to the services.
63
     * @param array $serviceObjects The authentication service chain.
64
     * @return array|boolean The database row of the user, or FALSE if none is
65
     * found.
66
     */
67
    protected function getFirstUser($serviceObjects) {
68
        $user = FALSE;
69
70
        foreach ($serviceObjects as $serviceObject) {
71
            $user = $serviceObject->getUser();
72
73
            if (FALSE !== $user) {
74
                break;
75
            }
76
        }
77
78
        return $user;
79
    }
80
81
    /**
82
     * Checks if the user is correctly authenticated with the given data.
83
     * @param array $user The user to authenticate, as fetched by the
84
     * fetchUserFE subtype of the services.
85
     * @param array $serviceObjects The authentication service chain.
86
     * @return boolean TRUE, if the credentials are correct, FALSE otherwise.
87
     */
88
    protected function checkUserAuthentication($user, $serviceObjects) {
89
90
        $authenticationSuccessful = FALSE;
91
92
        foreach ($serviceObjects as $serviceObject) {
93
            $serviceReturnValue = intval($serviceObject->authUser($user));
94
95
            if ($serviceReturnValue <= 0) {
96
                $authenticationSuccessful = FALSE;
97
                break;
98
            }
99
            if ($serviceReturnValue >= 200) {
100
                $authenticationSuccessful = TRUE;
101
                break;
102
            }
103
            else if ($serviceReturnValue < 100) {
104
                $authenticationSuccessful = TRUE;
105
            }
106
            else {
107
                $authenticationSuccessful = FALSE;
108
            }
109
        }
110
111
        return $authenticationSuccessful;
112
    }
113
114
    /**
115
     * Returns the "authInfo", a collection of settings and values influencing
116
     * authentication.
117
     * @param string $pidlist Comma separated list of page ids to search.
118
     * @return array The authInfo array.
119
     */
120
    protected function getAuthInfoArray($pidlist) {
121
        $authInfo = array(
122
            'loginType'             => 'FE',
123
            'refInfo'               => parse_url(GeneralUtility::getIndpEnv('HTTP_REFERER')),
124
            'HTTP_HOST'             => GeneralUtility::getIndpEnv('HTTP_HOST'),
125
            'REMOTE_ADDR'           => GeneralUtility::getIndpEnv('REMOTE_ADDR'),
126
            'REMOTE_HOST'           => GeneralUtility::getIndpEnv('REMOTE_HOST'),
127
            'showHiddenRecords'     => FALSE,
128
            'db_user'               => array(
129
                'table'                 => 'fe_users',
130
                'userid_column'         => 'uid',
131
                'username_column'       => 'username',
132
                'userident_column'      => 'password',
133
                'usergroup_column'      => 'usergroup',
134
135
                'enable_clause'         => $this->getEnabledFieldsClauseForFeUsers(),
136
                'checkPidList'          => TRUE,
137
                'check_pid_clause'      => ' AND pid IN (' . $GLOBALS['TYPO3_DB']->cleanIntList($pidlist) . ')',
138
            ),
139
            'db_groups'             => array(
140
                'table'                 => 'fe_groups',
141
            ),
142
        );
143
144
        return $authInfo;
145
    }
146
147
    /**
148
     * Returns a part of a WHERE clause for the table fe_users, which excludes
149
     * all currently disabled records.
150
     * @return string
151
     */
152
    protected function getEnabledFieldsClauseForFeUsers() {
153
        $pageRepository = GeneralUtility::makeInstance('TYPO3\\CMS\\Frontend\\Page\\PageRepository');
154
        return $pageRepository->enableFields('fe_users');
155
    }
156
157
    /**
158
     * Returns a "parent" object for the services. Not pretty.
159
     * @returns object
160
     */
161
    protected function getParentObject() {
162
        $parentObject = GeneralUtility::makeInstance('TYPO3\\CMS\\Frontend\\Authentication\\FrontendUserAuthentication');
163
        return $parentObject;
164
    }
165
}
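Review bot: In `checkUserAuthentication()` the final `else` branch (service return value 100–199) sets `$authenticationSuccessful = FALSE` without a `break`, so the verdict depends on the order of the services in the chain. A 100–199 result that follows an earlier 1–99 success revokes that success, while the same result followed by a later 1–99 is overwritten with `TRUE`. Decide which meaning is intended and state it in the docblock, which currently does not explain the return-code ranges at all. If 100–199 means "this service is not responsible" (that is how I understand the TYPO3 auth-service convention, but please confirm against the core version you target), remove the branch and leave a comment such as `// 100-199: service not responsible, keep the result of earlier services`. If it is meant as a denial, add `break;` after the assignment so that no later service can turn the result back into `TRUE`.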