[TYPO3-dev] Getting clear text passwords in authentication service
Steffen Müller
typo3 at t3node.com
Fri May 3 18:35:21 CEST 2013
Hi.
On 03.05.2013 16:17 Chris Müller wrote:
>
> thanks for your answer. I mean the rsa encrypted password from the
> rsaauth extension that is sent from the frontend login when the user
> logs in.
>
/**
* Decrypts a phrase if it was encrypted with routines from rsa_auth sysext
*
* @param $phrase
* @return string
*/
public function decrypt($phrase) {
if ($GLOBALS['TSFE']->fe_user->security_level == 'rsa' &&
t3lib_extMgm::isLoaded('rsaauth')) {
require_once(t3lib_extMgm::extPath('rsaauth') .
'sv1/backends/class.tx_rsaauth_backendfactory.php');
require_once(t3lib_extMgm::extPath('rsaauth') .
'sv1/storage/class.tx_rsaauth_storagefactory.php');
$backend = tx_rsaauth_backendfactory::getBackend();
$storage = tx_rsaauth_storagefactory::getStorage();
// Preprocess the password
$key = $storage->get();
if ($key != NULL && substr($phrase, 0, 4) == 'rsa:') {
// Decode password
$phrase = $backend->decrypt($key, substr($phrase, 4));
}
}
return $phrase;
}
--
cheers,
Steffen
TYPO3 Blog: http://www.t3node.com/
Twitter: @t3node - http://twitter.com/t3node
More information about the TYPO3-dev
mailing list