[TYPO3-english] Using saltedpassword/sr_feuser_register correctly

[Dmitry Dulepov]

Hi!

Oliver Salzburg wrote:
> Given that the only time the string "rsa" turns up in the extension's
> files is a .html in the doc folder, I doubt it.
> How time-consuming would that be to implement? I'm sure they wouldn't
> mind a patch.

It would mean including a couple of js files from the core and a call to js 
function on submit. Than on the PHP site it is a call to decode the password.

They need to have a look at two places:
- typo3/sysext/rsaauth/hooks/class.tx_rsaauth_feloginhook.php (may be, just 
call that hook as is)
- typo3/sysext/rsaauth/sv1/class.tx_rsaauth_sv1.php, function authUser. It 
decrypts the password.

I would say it may take not more than 2h to understand the idea and 
implement it.

-- 
Dmitry "itoldyou" Dulepov
TYPO3 core&security team member
E-mail: dmitry.dulepov at typo3.org
Web: http://dmitry-dulepov.com/