[TYPO3-dev] Frontend users management

Wolfgang Klinger wk at plan2.net
Fri Jun 20 08:13:25 CEST 2014


*hiya!*

On 20 Jun 2014, at 01:44, Charles Brunet <charles.fmj at gmail.com> wrote:
> 
> More specifically:
> - I saw that felogin calls a JS script from tx_rsaauth to encrypt the form
> before sending it to the server. I guess I should use a similar mechanism
> for the registration form, to ensure the password is not sent in plaintext.
> However, I didn't find any documentation about that. How should I do it?
> - How do I validate a password entered in a form? For example, I want to
> build a change password form where the (logged-in) user should enter their
> current password alongside the new password, to ensure the action is
> legit.

Use SSL if security is important to you.

On the server take a look at the saltedpasswords extension (typo3/sysext/saltedpasswords)
and the classes there.

To compare with an existing password here’s some example code:
--------------
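global $TSFE;
// Stored salted hash of the logged-in frontend user
$storedHash = $TSFE->fe_user->user['password'];
$salt = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($storedHash);
// $enteredPassword: the plaintext password from the form; $salt is NULL for an unknown hash format
$validPassword = is_object($salt) && $salt->checkPassword($enteredPassword, $storedHash);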
--------------



kind regards
Wolfgang
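
The change-password case asked about in the quoted question, as an added example that is not part of the original message or of TYPO3 itself. It assumes a TYPO3 6.x frontend request with saltedpasswords enabled for FE and the legacy `$GLOBALS['TYPO3_DB']` connection; the function name `changeFrontendUserPassword` is hypothetical.

```php
<?php
use TYPO3\CMS\Saltedpasswords\Salt\SaltFactory;

/**
 * Hypothetical helper (not TYPO3 API): change the logged-in frontend
 * user's password. Returns TRUE only if the current password was
 * verified and the new hash was stored.
 */
function changeFrontendUserPassword($currentPlain, $newPlain) {
    $user = $GLOBALS['TSFE']->fe_user->user;
    if (empty($user['uid']) || $newPlain === '') {
        return FALSE; // nobody logged in, or empty new password
    }

    // Select the hashing method that matches the stored hash's format.
    $verifier = SaltFactory::getSaltingInstance($user['password']);
    if (!is_object($verifier)
        || !$verifier->checkPassword($currentPlain, $user['password'])) {
        return FALSE; // unknown hash format or wrong current password
    }

    // Passing NULL resets the factory to the configured default method,
    // so the new hash is not tied to the old hash's algorithm.
    $hasher = SaltFactory::getSaltingInstance(NULL);
    if (!is_object($hasher)) {
        return FALSE;
    }
    $newHash = $hasher->getHashedPassword($newPlain);

    // Store only the salted hash; the uid is cast to int for the WHERE clause.
    $GLOBALS['TYPO3_DB']->exec_UPDATEquery(
        'fe_users',
        'uid=' . (int)$user['uid'],
        array('password' => $newHash, 'tstamp' => $GLOBALS['EXEC_TIME'])
    );
    return $GLOBALS['TYPO3_DB']->sql_affected_rows() === 1;
}
```

The user array held in the current session still contains the old hash until the record is reloaded.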



