[TYPO3-english] [TYPO3] Forcing to change password extension

laurent Cherpit laurent.cherpit at gmail.com
Wed Jun 22 15:07:33 CEST 2011


Hi,

What's going on about this extension. In fact, i need that kind of 
functionality for a new website and i fall on this topic.
What the current state of development ? would you like to publish it ?

Greetings.
Laurent


Christian Lerrahn (Cerebrum) a écrit :
> Hi Sergey,
> On Wed, 13 Apr 2011 12:16:14 -0400
> Sergey Alexandrov<serg at alexandrov.us> wrote:
>
>> Found this thread dated 2007 but still can't find extension :) Does
>> anybody know if it was developed ?
>> Also found cl_beuser_password but not sure if it will work with 4.3
>> and 4.5 :(
>
> The extension doesn't work with current TYPO3 versions out of the box.
> However, with a minimal code modification you can get it to work (it's
> just a redirect you have to adjust).
>
> However, I have to mention that this extension has a major weakness. At
> the time it requires the user to change his password, he is already
> logged in and can easily circumvent the password change by just
> manually navigating to the BE. He will be asked to change the password
> again next time he logs in but will always be able to use the same
> trick again. So, the nuisance factor is the only thing that enforces a
> new password.
>
> I've been working on a new extension which solves this problem more
> elegantly and without the weakness described above. That requires
> patching the core and so far my core patch is still under heavy
> development and only works properly with rsaauth. I hope to be able to
> release a version which works for the usual "superchallenged"
> authentication as well and will then also submit my core patch for
> review.
>
> If you want to have a preview version of what I have now, please
> contact me privately and I'll send you the T3X.
>
> Cheers,
> Christian



More information about the TYPO3-english mailing list