[TYPO3-english] Can I make usernames case-insensitive for felogin?
Loek Hilgersom
hilgersom at xs4all.nl
Thu Feb 11 14:32:28 CET 2010
Xavier and Peter,
Thanks for your answers. I use the loginbox from the default felogin in TYPO3
4.2.11, combined with kb_md5fepw which adds the superchallenge javascript, and
sr_feuserregister for the registration.
Finding out how to store usernames only in lowercase isn't obvious at all, but,
my luck, we use email addresses as usernames and they happen to be transformed
to lowercase already. To my knowledge, there aren't any Typoscript settings for
this purpose in sr_feuserregister.
To make the login case-insensitive on the email field (which is used as
loginname) was easy after your hints. Just adding .toLowerCase() in
class.tx_kbmd5fepw_newloginbox.php, line 67:
function superchallenge_pass(form) {
var pass = form.pass.value;
if (pass) {
var enc_pass = MD5(pass);
var str = form.user.value.toLowerCase()+":"+enc_pass+":"+form.challenge.value;
form.pass.value = MD5(str);
return true;
} else {
return false;
}
}
I need to do a few more tests, but it seems to work so far. Thanks again!
Loek
Peter Russ wrote:
> --- Original Nachricht ---
> Absender: Xavier Perseguers
> Datum: 11.02.2010 09:58:
>> Hi,
>>
>>> I think it would be a great usability improvement to add
>>> case-insensitive usernames as an option. It looks like the actual
>>> username check doesn't happen in the extension felogin (or did I miss
>>> something?). Some pointers for where to look in the code are welcome.
>>
>> First of all it may depend on client code. I don't know how you
>> configured your FE login but show source of your BE login form. If you
>> have superchallenge activated, you'll see this:
>>
>> function doChallengeResponse(superchallenged) { //
>> password = document.loginform.p_field.value;
>> if (password) {
>> if (superchallenged) {
>> password = MD5(password); // this makes it
>> superchallenged!!
>> }
>> str =
>> document.loginform.username.value+":"+password+":"+document.loginform.challenge.value;
>>
>> document.loginform.userident.value = MD5(str);
>> document.loginform.p_field.value = "";
>> return true;
>> }
>> }
>>
>>
>> Meaning the username the user typed will be used to compute a MD5 hash
>> with the password. If you ever want to have a case-insensitive
>> username, you'll certainly want to change this code and force
>> lowercase in the hash computation.
>>
>> Same thing happens in auth service (search for it in Core) or have a
>> look at existing extensions that provide authentication services. This
>> will direct you to where the authentication process is actually taking
>> place.
>
> it shouldn't be that complicated:
> 1) When the user register transfer the username to lowercases. Depending
> on the extension you are using there should be Typoscript to do that.
> 2) For existing users just transfer the username using sql statement
> 3) On the login form add an onchange action for the username field to
> change all characters to lower case.
>
> Peter.
>
More information about the TYPO3-english
mailing list