[TYPO3-english] felogin on every page?
Martin Bless
m.bless at gmx.de
Wed Jun 20 19:08:50 CEST 2012
Hi Christian,
>The normal felogin plugin must not be cached.
Yes indeed, if that's true, that's what I'm concerned about. And
there's quite a bit of code needed:
src="http://...typo3/sysext/rsaauth/resources/jsbn/jsbn.js"
src="http://...typo3/sysext/rsaauth/resources/jsbn/prng4.js"
src="http://...typo3/sysext/rsaauth/resources/jsbn/rng.js"
src="http://...sysext/rsaauth/resources/jsbn/rsa.js"
src="http://...sysext/rsaauth/resources/jsbn/base64.js"
src="http://...typo3/sysext/rsaauth/resources/rsaauth_min.js"
<input type="hidden" id="rsa_n" name="n" value="BECE...98E87" />
<input type="hidden" id="rsa_e" name="e" value="10001" />"
Q: And does that public key change each time the 'felogin' plugin is
run?
Q: Do we have a description somewhere about rsaauth, saltedpasswords
and felogin work together? I'm interested in the principles.
When the login form is submitted it sends 'user=...', 'pass=rsa%3A...'
and 'logintype=login' as post data to TYPO3.
Q: Where in the TYPO3 code (in which class) gets this login decoded
again?
>This is not much of a
>problem in case of a dedicated login page, but if you really need it on
>all pages, you may want to look at the extensions that offer an AJAX
>based login. typo3.org uses one that looks quite nice. AFAIK it's not in
>the TER yet but available on forge.
That sounds good! Let me see ... Is it this one? Probably. This is
what it claims to do:
"""
Use a separate call to determine if a user is logged in and show the
status on pages throughout your website. Lets you serve a cached
version of a page without USER_INT object to show information of the
current fe_user.
Provides some basic functionality to subscribe users, forgot password,
close account etc.
"""
Wow, cool. Thank you, I think, I'll give that a try.
Martin
--
Certified TYPO3 Integrator | TYPO3 Documentation Team Member
http://mbless.de
More information about the TYPO3-english
mailing list