[TYPO3-dev] Frontend users management
Jigal van Hemert
jigal.van.hemert at typo3.org
Fri Jun 20 11:37:55 CEST 2014

Hi,
On 20-6-2014 1:44, Charles Brunet wrote:
> - I saw that felogin calls a JS script from tx_rsaauth to encrypt the form
> before sending it to the server. I guess I should use a similar mechanism
> for the registration form, to ensure the password is not sent in plaintext.
> However, I didn't find any documentation about that. How should I do it?
As mentioned, a registration form should really be on an SSL connection.
rsaauth uses some hooks to add its own JS to felogin. You can find the 
scripts in the rsaauth system extension, but they are specifically 
crafted for felogin. You need to adapt them to your own needs.
> - How to validate a password entered in a form? For example, I want to
> build a change password form where the (logged) user should enter its
> current password in side of the new password, to ensure the action is
> legit.
If you make sure that the user is logged in you don't need that 
password. If you really want to check a password, you can get 
inspiration from
\TYPO3\CMS\Saltedpasswords\SaltedPasswordService::compareUident()
(you can stop after if (!$validPasswd) { because the rest is about 
updating the hash in certain cases, but your user is already logged in 
and this has been done)
-- 
Jigal van Hemert
TYPO3 CMS Active Contributor
TYPO3 .... inspiring people to share!
Get involved: typo3.org
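
The current-password check described in the reply above, written out as an added example (not part of the original message and not TYPO3 core code). It assumes TYPO3 CMS 6.x with the saltedpasswords system extension enabled for the frontend and code running inside a frontend plugin; `isCurrentPasswordValid` is a hypothetical helper name.

```php
<?php
// Added example. Assumes TYPO3 CMS 6.x, saltedpasswords enabled for FE,
// and execution inside a frontend plugin where $GLOBALS['TSFE'] exists.

use TYPO3\CMS\Saltedpasswords\Salt\SaltFactory;

/**
 * Hypothetical helper: check the "current password" field of a
 * change-password form against the hash of the logged-in frontend user.
 *
 * @param string $submittedPassword Plaintext value from the form
 * @return bool TRUE only if a user is logged in and the password matches
 */
function isCurrentPasswordValid($submittedPassword) {
    $feUser = isset($GLOBALS['TSFE']->fe_user) ? $GLOBALS['TSFE']->fe_user : NULL;

    // No logged-in session user: nothing to compare against, fail closed.
    if (!is_object($feUser) || empty($feUser->user['uid'])) {
        return FALSE;
    }
    // Reject empty or non-string input before touching the hash.
    if (!is_string($submittedPassword) || $submittedPassword === '') {
        return FALSE;
    }

    $storedHash = (string)$feUser->user['password'];

    // Pick the salting implementation that matches the stored hash format,
    // the same first step compareUident() takes.
    $salting = SaltFactory::getSaltingInstance($storedHash, 'FE');
    if (!is_object($salting)) {
        // Stored value is not a recognised salted hash. This example
        // rejects it instead of falling back to a weaker comparison.
        return FALSE;
    }

    // Equivalent to the point where compareUident() sets $validPasswd.
    return (bool)$salting->checkPassword($submittedPassword, $storedHash);
}
```

The function takes the plaintext value as received by the server, so the form that submits it belongs on an SSL connection, as the reply says for the registration form.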