[TYPO3-english] quick fix for bug with ' Forgot your password? ' if using typo3 v4.3.2 & ' felogin ' with ' kb_md5fepw '

Matthew K - (Swagman Solutions) typo3 at swagmansolutions.com.au
Mon Mar 15 05:04:31 CET 2010 

Hi,

Here is a quick fix for bug with ' Forgot your password? ' if using typo3 
v4.3.2  & ' felogin 1.3.0 ' with ' kb_md5fepw 0.4.0'.

When the ext 'kb_md5fepw' is configured to work with the login forms of 
'felogin', (and the registration form of 'sr_feuser_register'), the password 
is md5 encrypted before being sent back to the database.

Now the new ' Forgot your password? ' form in ext ' felogin ' works as 
expected, ie it successfully sends back the new password to fe_user table 
but in plain text.

Here the lies problem; when a website fe user goes to login after they have 
submitted a password change the encrypted password being submitted by the 
'felogin' form doesn't match the non encrypted password for that user that 
was inserted in plain text from the 'new/change password' form.

-------------------------------------------------------------------------------

A quick fix for this is to md5 the submitted changed password in this file, 
noting that the new code checks if ' kb_md5fepw ' installed:

    /typo3_src-4.3.2/typo3/sysext/felogin/pi1/class.tx_felogin_pi1.php

At line 269 change:

    $newPass = $postData['password1'];

to

    $newPass = 
t3lib_extMgm::isLoaded('kb_md5fepw')?md5($postData['password1']):$postData['password1'];

-------------------------------------------------------------------------------

Please note this is only a workaround to get you the ' Forgot your password? 
' being aware of ' kb_md5fepw ' and the need for the plain text password 
being submitted converted with md5 before updating to database.

Since ' kb_md5fepw ' is about encrypting the password before being sent back 
to the website.
The better solution would be to make the actual subpart template 
'###TEMPLATE_CHANGEPASSWORD###' in file 
/typo3_src-4.3.2/typo3/sysext/felogin/template.html work like the main 
subpart template ###TEMPLATE_LOGIN### works with ' kb_md5fepw '.

regards,

Matthew K
Swagman Solutions

More information about the TYPO3-english mailing list