[TYPO3-dev] Bug in typo3/index.php ?!

[Chris Zepernick]

Hi Steffen,

> Did you do a blame on the line?
nope
> Check the revision, so that we know what context it is...
> I could imagine it's done for RSAauth...
yes it is but with the registered hook in mind the following is the 
called method:

/**
  * Provides form code for the superchallenged authentication.
  *
  * @param	array	$params	Parameters to the script
  * @param	SC_index	$pObj	Calling object
  * @return	string	The code for the login form
  */
public function getLoginScripts(
	array $params,
	SC_index &$pObj
) {

	$content = '';
	if ($pObj->loginSecurityLevel == 'superchallenged' ||
		$pObj->loginSecurityLevel == 'challenged') {
			$content = '
				<script type="text/javascript" src="md5.js"></script>
				' . $GLOBALS['TBE_TEMPLATE']->wrapScriptTags('
					function doChallengeResponse(superchallenged) {	//
						password = document.loginform.p_field.value;
						if (password)	{
							if (superchallenged)	{
								password = MD5(password);	// this makes it superchallenged!!
							}
							str = 
document.loginform.username.value+":"+password+":"+document.loginform.challenge.value;
							document.loginform.userident.value = MD5(str);
							document.loginform.p_field.value = "";
							return true;
						}
					}
			');
		}
		return $content;
}

it makes no sense that the hook only works for the first occurence.
the only thing it does is add some js, and it should be no problem if 
someone wants to add some additional code.

funny part is this only happens if mode is set to either superchallenged 
or challenged.


so this only adds another method to js, and another script.

Cheers

Chris